Dailydave mailing list archives

Re: OffensiveComputing


From: "Jeffrey Denton" <dentonj () gmail com>
Date: Sat, 10 Dec 2005 20:20:48 +0100

On a side note, apparently CERT has already issued a complaint to my ISP to
have me taken down. I'll have to look into that one.

That's funny, considering they have one of the largest collections of malware.

One of the tricks they use to identify malware is to run md5sums on each of
the ASCII strings found in a file. They then do a little statistical analysis
every time something new comes in. If the string content of something new is
a 90 - 95% match against some malware that's already been analyzed, then it's
more than likely a new variant. The trick also works when identifying
morphing malware.
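
The string-hash comparison described in the message above, sketched as an added example; it is not part of the original post and not CERT's tooling. The function names, the 4-byte minimum string length, the 0.90 threshold (the low end of the quoted range) and the sample byte strings (constructed) are all assumptions.

```python
import hashlib
import re

# Runs of 4+ printable ASCII bytes, similar to the default of strings(1) (assumed cut-off).
ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")

def string_hashes(data: bytes) -> set[str]:
    """MD5 of every distinct printable-ASCII string found in data."""
    return {hashlib.md5(s).hexdigest() for s in ASCII_RUN.findall(data)}

def match_ratio(new: set[str], known: set[str]) -> float:
    """Fraction of the new sample's string hashes already present in a known sample."""
    return len(new & known) / len(new) if new else 0.0

def closest_family(sample: bytes, corpus: dict[str, set[str]], threshold: float = 0.90):
    """Best-matching corpus entry as (name, ratio); name is None below the threshold."""
    hashes = string_hashes(sample)
    best_name, best = None, 0.0
    for name, known in corpus.items():
        ratio = match_ratio(hashes, known)
        if ratio > best:
            best_name, best = name, ratio
    return (best_name, best) if best >= threshold else (None, best)

def build(strings: list[str]) -> bytes:
    """Constructed stand-in for a binary: strings separated by non-printable bytes."""
    return b"\x00\x01\xff".join(s.encode() for s in strings)

# Constructed sample data, not real malware strings.
COMMON = ["kernel32.dll", "LoadLibraryA"]
BASE = COMMON + [f"opt_{i:02d}=enabled" for i in range(17)] + ["build=1001"]
ORIGINAL = build(BASE)
VARIANT = build(BASE[:-1] + ["build=1002"])      # one string out of 20 changed
UNRELATED = build(COMMON + [f"menu_item_{i:02d}" for i in range(8)])

# Corpus of already-analyzed samples: name -> set of string hashes.
CORPUS = {"family_a": string_hashes(ORIGINAL)}

if __name__ == "__main__":
    for label, blob in (("variant", VARIANT), ("unrelated", UNRELATED)):
        name, ratio = closest_family(blob, CORPUS)
        print(f"{label}: match={name} ratio={ratio:.2f}")
```

Because each string is hashed whole, a one-byte change to a string removes it from the intersection, so the ratio measures how many strings survived unchanged between samples.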


