Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Virus
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Playing with Viruses on windows

from [SMiller] Network Security [Permanent Link]
Subject: Re: Playing with Viruses on windows
Date: Tue, 10 Aug 2004 15:27:42 -0400 




Partial answer only: Spybot Search & Destroy v1.3 comes with a resident
detector (TeaTimer) that can be configured to request confirmation of
requested registry changes.  I am finding that the value of this feature
\goes far beyond the realm of spyware detection.  It would also seem to do
part of what you ask.

-Scott


                                                                           
             Cedric Foll                                                   
             <cedric.foll@ac-r                                             
             ouen.fr>                                                   To 
                                       focus-virus@securityfocus.com       
             08/10/2004 10:55                                           cc 
             AM                                                            
                                                                    Fax to 
                                                                           
                                                                   Subject 
                                       Playing with Viruses on windows     
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I would like to now if anyone knows good tools to play with w32 viruses.
The idea would be to run it in a sandbox and trace all action the virus
try to do and can say 'yes' or 'no'.
Something like 'The program try to write XXX in the registry, are you
agree ?', 'It open a socket, is it ok ?', 'it tries to open this file
with W access'.
I can do something quite similar with VMWARE and Kerio but I would like
to have something with more information (like a (x)trace on Unix) and
more interactive.

Regards.

- --
Cedric Foll
Ingénieur réseaux et sécurité
Rectorat de Rouen
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBGOH3L7xzmSvPn+8RAqIbAJ0WAxyCgGIV52K3L3dIS2YD4jXIswCeOWrv
biOhVyyxmEI1yS+DqwmK1gg=
=nvn+
-----END PGP SIGNATURE-----
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Virus-alerts] Playing with Viruses on windows, Jat Pannu
Next by Date:  RE: Playing with Viruses on windows, Altheide, Cory B. (IARC)
Previous by Thread:  Playing with Viruses on windows, Cedric Foll
Next by Thread:  Re: Playing with Viruses on windows, H Carvey
Indexes:  [Date] [Thread] [Top] [All Lists]