Educause Security Discussion mailing list archives
Re: Question about malware research
From: Joe St Sauver <joe () OREGON UOREGON EDU>
Date: Thu, 10 Jan 2008 19:41:30 -0800
<jukeane () sas upenn edu> mentioned:
I suppose what I mean to ask is, where can I find hard evidence of malware that does things like grabs keystrokes, mouse clicks, sniffs traffic, etc? I hate to point to unreferenced articles or analysis of commercial products that have these capabilities.
I don't know if this is sufficient for your purposes, but most antivirus companies offer malware encyclopedias which describe malware functionality on a virus-by-virus basis. For example, as part of documenting the impact of malware on DNS integrity for a "Port 53 Wars" talk I did, I culled a number of DNS-oriented virus descriptions from vendor summaries, see slides 30-34 of http://www.uoregon.edu/~joe/port53wars/port53wars.ppt (or .pdf)

If you want something more in-depth than comparatively terse A/V vendor malware writeups, some security researchers, such as Joe Stewart, do some great in-depth analyses. See, for example: http://www.joestewart.org/?page_id=5

When it comes to the particular threats you mention, if you just need an example or two of each:

-- VirusList has a great list of password-stealing trojans at: http://www.viruslist.com/en/virusesdescribed?chapter=153317860

-- SDBot is a nice example of a network traffic sniffing bit of malware; see for example: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.UH&VSect=T

If I've completely misunderstood what you were looking for, feel free to drop me a note and I'll give it another try. :-)

Regards,

Joe St Sauver (joe () oregon uoregon edu)
http://www.uoregon.edu/~joe/