To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ----------
On 3/16/06, Gadi Evron <[EMAIL PROTECTED]> wrote:
M45T3R S4D0W8 wrote:
>
> On 3/15/06, Tron <[EMAIL PROTECTED]> wrote:
>
>>
>>I have a file, rp5.exe, snared by my running instance of nepenthes,
>>which is quite obviously compressed via UPX...
>>
>>upx -l rp5.exe
>> Ultimate Packer for eXecutables
>> Copyright (C) 1996,1997,1998,1999,2000,2001,2002,2003,2004,2005,2006
>>UPX 1.94 beta Markus Oberhumer, Laszlo Molnar & John Reiser Mar 11th 2006
>>
>> File size Ratio Format Name
>> -------------------- ------ ----------- -----------
>> 152064 -> 61952 40.74% win32/pe rp5.exe
>>
>>... but which I can't decompress...
>>
>>upx: rp5.exe: Exception: checksum error.
>>
>>Which is obviously why Norman sandbox stated, for this particular binary:
>>
>>nepenthes-9291587b85191b06bbf80d4ea1fb142e-rp5.exe : Not detected by
>>sandbox (Signature: NO_VIRUS).
>>
>>Presumably, this means that whoever compressed this binary used an
>>altered version of upx?
>>
>>See Norman Sandbox reference 20060315-665 for the full (and unhelpful)
>>report.
>>
>>Regards.
>>_______________________________________________
>>To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
>>All list and server information are public and available to law
>>enforcement upon request.
>>http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
>
> There are various utilities for making it impossible to unpack a UPXed EXE.
> Nothing is impossible. Not trying to be annoying... just is.
> You can make it as close to impossible as possible. :) (now I am being
> annoying) which is the point behind software protection.
> Make it difficult *enough*, and you have achieved your goal. If it sits on
> your computer, you will eventually break it.
> Be careful about saying never, ever, impossible, all, none, and 100%,
> etc. I always fall on these as I often mean "most", almost all, etc.
Everything is possible; it's the degree of the impossible that makes it indeed possible.
There are packers that self-modify, among other goodies, that make it extremely hard
to detect or unpack. In the end the unpacked code is in memory and can be analyzed.
UPX scramblers are difficult but not impossible. Sorry for the slight typo; I meant
difficult.
--
Security is but an illusion of the mind
~M45T3R S4D0W8~
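The `upx -l` listing that works while `upx -d` stops with a checksum error, as in Tron's post above, is consistent with a modified UPX header, which is what the thread calls a UPX scrambler. As an added example, not code from anyone in this thread or from the UPX project, here is a small Python triage script that locates the UPX PackHeader in a file and verifies its trailing checksum byte. It assumes the 32-byte win32/pe header layout and the sum-mod-251 checksum as read from UPX's packhdr.cpp; the `build_header` and `scan` helpers and every sample value are constructed for the demonstration.

```python
import struct
import sys
from collections import namedtuple

UPX_MAGIC = b"UPX!"
HEADER_SIZE = 32   # assumed: PackHeader size for the win32/pe format, UPX version >= 10

# Field order as assumed from UPX's packhdr.cpp for version >= 10, non-DOS formats.
PackHeader = namedtuple("PackHeader", "version fmt method level u_adler c_adler "
                        "u_len c_len u_file_size filter_id filter_cto n_mru checksum")


def header_checksum(hdr: bytes) -> int:
    """Checksum as assumed from packhdr.cpp: sum of the bytes after the 4-byte
    magic, excluding the final checksum byte itself, reduced mod 251."""
    return sum(hdr[4:HEADER_SIZE - 1]) % 251


def parse_pack_header(hdr: bytes) -> PackHeader:
    if len(hdr) != HEADER_SIZE or hdr[:4] != UPX_MAGIC:
        raise ValueError("not a 32-byte UPX PackHeader")
    return PackHeader(*struct.unpack("<4B5I4B", hdr[4:]))


def build_header(u_adler, c_adler, u_len, c_len, u_file_size, version=13, fmt=9,
                 method=2, level=8, filter_id=0, filter_cto=0, n_mru=0) -> bytes:
    """Assemble a header with a valid checksum; used here only to construct test data."""
    hdr = UPX_MAGIC + struct.pack("<4B5I3B", version, fmt, method, level, u_adler,
                                  c_adler, u_len, c_len, u_file_size,
                                  filter_id, filter_cto, n_mru)
    return hdr + bytes([sum(hdr[4:]) % 251])


def scan(data: bytes):
    """Return (offset, PackHeader, checksum_ok) for every UPX! magic found in data."""
    found, off = [], data.find(UPX_MAGIC)
    while off != -1:
        chunk = data[off:off + HEADER_SIZE]
        if len(chunk) == HEADER_SIZE:
            ph = parse_pack_header(chunk)
            found.append((off, ph, header_checksum(chunk) == ph.checksum))
        off = data.find(UPX_MAGIC, off + 1)
    return found


if __name__ == "__main__":
    if len(sys.argv) > 1:                # real sample: python upxhdr.py file.exe
        data = open(sys.argv[1], "rb").read()
    else:                                # constructed sample: adler fields zeroed
        hdr = build_header(0x11111111, 0x22222222, 90000, 40000, 152064)
        data = b"MZ" + b"\0" * 10 + hdr[:8] + b"\0" * 8 + hdr[16:]
    for off, ph, ok in scan(data):
        print(f"UPX! header at 0x{off:x}: version={ph.version} u_len={ph.u_len} "
              f"c_len={ph.c_len} u_file_size={ph.u_file_size} checksum_ok={ok}")
```

A header that fails this check is a cheap signal that the sample should go to a memory dump rather than to `upx -d`; a header that passes proves nothing about the rest of the file.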
