Not-So "Breaking News"

Published: 2008-08-17. Last Updated: 2008-08-17 21:43:58 UTC
by Kevin Liston (Version: 1)
3 comment(s)

The spoofed CNN and MSNBC messages from last week have altered a bit, taking on a more generic approach.

The subject of the message is still: BREAKING NEWS.

Michael has been tracking these botnets for a while, his work is available here: http://www.vivtek.com/projects/despammed/stormspam.html.

Like the others, this first stage is a downloader, still readching out to 66.199.240.138 to get the rest of the goodies.  Unlike the previous waves, the first executable is named install.exe instead of adobe_flash.exe.  So there's a little something different to search for in your proxy logs.

-KL

 

Keywords:
3 comment(s)

Volatility 1.3 Released

Published: 2008-08-17. Last Updated: 2008-08-17 14:43:45 UTC
by Kevin Liston (Version: 1)
0 comment(s)

The folks over at volitilesystems.com have released version 1.3 of their Volatility Framework (https://www.volatilesystems.com/default/volatility) an open source collection of tools that allows an investigator to examine RAM dumps (crash dumps and hibernation files.)

-KL

Keywords: forensics
0 comment(s)

Comments

Login here to join the discussion.


Diary Archives