List: focus-virus
Subject: RE: [Virus-alerts] Playing with Viruses on windows
From: "Jat Pannu" <jpannu () ironport ! com>
Date: 2004-08-10 21:34:51
Message-ID: 65D2600546E11444960D957CFF5B644F60DD35 () anakin ! ironportsystems ! com
Have you tried using an IPS product like Okena or Entercept? You can set them up to
log or block particular actions that viruses attempt. The events report various info
on process, resource accessed, read/write, etc. Both are available for eval
downloads with 30 day licenses.
-Jat
-----Original Message-----
From: virus-alerts-bounces@lists.ironport.com [mailto:virus-alerts-bounces@lists.ironport.com] On Behalf Of Cedric Foll
Sent: Tuesday, August 10, 2004 7:56 AM
To: focus-virus@securityfocus.com
Subject: [Virus-alerts] Playing with Viruses on windows
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I would like to know if anyone knows good tools to play with w32 viruses.
The idea would be to run it in a sandbox and trace all actions the virus tries to do and
I can say 'yes' or 'no'. Something like 'The program tries to write XXX in the registry,
do you agree?', 'It opens a socket, is it ok?', 'It tries to open this file with W
access'. I can do something quite similar with VMWARE and Kerio but I would like to
have something with more information (like a (x)trace on Unix) and more interactive.
Regards.
- --
Cedric Foll
Network and security engineer
Rectorat de Rouen
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBGOH3L7xzmSvPn+8RAqIbAJ0WAxyCgGIV52K3L3dIS2YD4jXIswCeOWrv
biOhVyyxmEI1yS+DqwmK1gg=
=nvn+
-----END PGP SIGNATURE-----