To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------

M45T3R S4D0W8 wrote:
> On 3/15/06, Tron <[EMAIL PROTECTED]> wrote:
>
>>I have a file, rp5.exe, snared by my running instance of nepenthes,
>>which is quite obviously compressed via UPX...
>>
>>upx -l rp5.exe
>>                     Ultimate Packer for eXecutables
>>  Copyright (C) 1996,1997,1998,1999,2000,2001,2002,2003,2004,2005,2006
>>UPX 1.94 beta   Markus Oberhumer, Laszlo Molnar & John Reiser   Mar 11th 2006
>>
>>        File size         Ratio      Format      Name
>>   --------------------   ------   -----------   -----------
>>    152064 ->     61952   40.74%    win32/pe     rp5.exe
>>
>>... but which I can't decompress...
>>
>>upx: rp5.exe: Exception: checksum error.
>>
>>Which is obviously why Norman sandbox stated, for this particular binary..
>>
>>nepenthes-9291587b85191b06bbf80d4ea1fb142e-rp5.exe : Not detected by
>>sandbox (Signature: NO_VIRUS).
>>
>>Presumably, this means that whoever compressed this binary used an
>>altered version of upx?
>>
>>See Norman Sandbox reference 20060315-665 for the full (and unhelpful)
>>report.
>>
>>Regards.
>>_______________________________________________
>>All list and server information are public and available to law
>>enforcement upon request.
>>http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
>
> There are various utilities for making it impossible to unpack a UPXed EXE.

Nothing is impossible. Not trying to be annoying.. just is. You can make it as close to impossible as possible. :)
(now I am being annoying)
which is the point behind software protection. Make it difficult *enough*, and you achieved your goal.

If it sits on your computer, you will eventually break it.

Be careful about saying never, ever, impossible, all, none, and 100%, etc. I always fall on these as I often mean "most", almost all, etc.
