Educause Security Discussion mailing list archives

Re: Question about malware research


From: Joe St Sauver <joe () OREGON UOREGON EDU>
Date: Thu, 10 Jan 2008 19:41:30 -0800

<jukeane () sas upenn edu> mentioned:

I suppose what I mean to ask is, where can I find hard evidence of
malware that does things like grabs keystrokes, mouse clicks, sniffs
traffic, etc?  I hate to point to unreferenced articles or analysis of
commercial products that have these capabilities.

I don't know if this is sufficient for your purposes, but most antivirus
companies offer malware encyclopedias which describe malware functionality
on a virus-by-virus basis.

For example, as part of documenting the impact of malware on DNS integrity
for a "Port 53 Wars" talk I did, I culled a number of DNS-oriented virus
descriptions from vendor summaries, see slides 30-34 of
http://www.uoregon.edu/~joe/port53wars/port53wars.ppt (or .pdf)

If you want something more in-depth than comparatively terse A/V vendor
malware writeups, some security researchers, such as Joe Stewart,
do some great in-depth analyses. See, for example:

http://www.joestewart.org/?page_id=5

When it comes to the particular threats you mention, if you just
need an example or two of each:

-- VirusList has a great list of password-stealing trojans at:

   http://www.viruslist.com/en/virusesdescribed?chapter=153317860

-- SDBot is a nice example of a network traffic sniffing bit of malware;
   see for example:

   http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.UH&VSect=T

If I've completely misunderstood what you were looking for, feel free
to drop me a note and I'll give it another try. :-)

Regards,

Joe St Sauver (joe () oregon uoregon edu)
http://www.uoregon.edu/~joe/