Malware:ITX8042:2011:LAB

Source: Lambda

Labs

4 Lab/Home assignment

Is this malware? How do you know, and how do you analyse it?

Milestone: 14.10.2011 - 15:00 EET

Download the file pahadus.zip

WARNING FILE CONTAINS LIVE VIRUSES

The archive contains 90 files; pick three of them using the following algorithm:

  1. sort them by name.
  2. for the first, use the last digit of your student code + the day of your birthday
  3. for the second, generate a random number at http://www.random.org/ and use it for choosing the file only if it does not match the first number
  4. for the third, use the random number generator again and use the number if it does not match the first or second number.


Tasks that you need to do

  • Pick your malware
  • Run your malware against 2 of the following online analysis tools
    http://www.virustotal.com
    http://camas.comodo.com/
    http://www.threatexpert.com/submit.aspx
  • find 2 additional online analysis tools to analyse the virus with


Things that should be presented
  • chosen numbers
  • general information about the malware
    • name
    • md5
    • sha1
  • link to the analysis result, if possible
  • link to disinfecting instructions - if not possible, an explanation of why it is not.
  • Analysis tools - links
  • Your opinion about each analysis tool and a comparison of the results.
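The selection rules above and the identifiers the report asks for (name, md5, sha1) can be done in one short script, shown here as an added example that is not part of the course page. The 90 file names and their contents are constructed stand-ins for the unpacked pahadus.zip; the student code, birthday and `seed` are likewise made-up inputs. The random generator takes the place of http://www.random.org/ so that a run is reproducible, and the samples are only read and hashed, never executed.

```python
import hashlib
import random

# Constructed stand-in for the unpacked archive: 90 file names mapped to bytes.
# In the lab the values would come from open(path, "rb") on each sample.
SAMPLES = {f"sample_{i:03d}.bin": f"constructed content {i}".encode() for i in range(90)}


def pick_positions(student_code: str, birth_day: int, rng: random.Random, total: int = 90) -> list:
    """Three distinct 1-based positions following the lab's rules: the first is
    the last digit of the student code plus the day of birth; the other two are
    random draws that are only kept when they do not repeat an earlier pick."""
    first = int(student_code.strip()[-1]) + birth_day
    if not 1 <= first <= total:
        raise ValueError(f"first position {first} is outside 1..{total}")
    chosen = [first]
    while len(chosen) < 3:
        candidate = rng.randint(1, total)   # stands in for random.org
        if candidate not in chosen:         # rules 3 and 4: re-draw on a match
            chosen.append(candidate)
    return chosen


def select_files(names, positions) -> list:
    """Rule 1: sort by name, then map the 1-based positions onto the list."""
    ordered = sorted(names)
    return [ordered[p - 1] for p in positions]


def describe(name: str, data: bytes) -> dict:
    """The identifiers the report asks for: name, md5 and sha1 of the sample."""
    return {
        "name": name,
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
    }


def report(samples: dict, student_code: str, birth_day: int, seed=None) -> list:
    """Run the whole procedure and return one record per chosen sample."""
    positions = pick_positions(student_code, birth_day, random.Random(seed))
    return [describe(n, samples[n]) for n in select_files(samples, positions)]


if __name__ == "__main__":
    # Constructed student code and birthday; replace with your own values.
    for row in report(SAMPLES, "123456", 12, seed=2011):
        print(row)
```

The hashes are what you paste into the report and what the online scanners key on, so computing them locally before uploading lets you check later that the file you analysed is the file you submitted.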



3 Lab/Home assignment

Assignment: Who is responsible for that IP, and how am I connected to it?

Milestone: 07.10.2011 - 08:00

Find out whom to send abuse reports to, and other information about that IP. To get the IPs, send mail to course-malware(at)cert.ee.


Things that should be presented
* My external IP - where I am doing this work from (you can omit the last 8 bytes)
* My ISP
* My ISP's AS number and abuse address

For each IP, at least 3 times (3 or more IPs will be sent):

* Route to the IP
* Hostname - to the best of your knowledge.
* The ISP's upstream ISP for the given IP
* Abuse contact for the IP and contact for the national CERT whose constituency this IP belongs to.
* Do I need any additional information besides knowing my problem and the IP to send an abuse report to this ISP, and why?
* Tools and/or websites you used to gather this information
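Most of the items above (network name and range, AS number, abuse mailbox, which registry answered) come out of a whois reply, and the replies share a "key: value" layout. The following parser is an added example and not course material; the whois text it works on is constructed for the demonstration and uses documentation addresses, so the values are not real registry data. The optional `lookup` helper runs the system `whois` client and needs network access; it is assumed to exist on the host and is not used by the offline part.

```python
import re
import subprocess

# Constructed whois reply in RIPE-style "key: value" layout. Attribute names
# follow the RIPE database; the values are made up for this example.
SAMPLE_WHOIS = """\
% This is a constructed reply, not real registry data.
inetnum:        192.0.2.0 - 192.0.2.255
netname:        EXAMPLE-NET
descr:          Example ISP customer block
country:        EE
admin-c:        EX123-RIPE
abuse-mailbox:  abuse@isp.example
mnt-by:         EXAMPLE-MNT
source:         RIPE

route:          192.0.2.0/24
descr:          Example ISP
origin:         AS64496
source:         RIPE
"""

ATTR = re.compile(r"^([\w-]+):\s*(.*?)\s*$")


def parse_whois(text: str) -> dict:
    """Collect every attribute as key -> [values]. Comment lines ('%', '#') and
    blank object separators are skipped; repeated keys keep all their values
    so a second object (e.g. the route) is not silently overwritten."""
    found = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(("%", "#")):
            continue
        m = ATTR.match(line)
        if m:
            found.setdefault(m.group(1).lower(), []).append(m.group(2))
    return found


def abuse_summary(text: str) -> dict:
    """Pull out the fields the report asks for; None where the reply lacks one."""
    attrs = parse_whois(text)

    def first(key):
        return attrs.get(key, [None])[0]

    return {
        "range": first("inetnum"),
        "netname": first("netname"),
        "asn": first("origin"),
        "abuse_mailbox": first("abuse-mailbox"),
        "abuse_c": first("abuse-c"),     # a handle to resolve, not an e-mail
        "registry": first("source"),
    }


def lookup(ip: str, server: str = None) -> dict:
    """Live variant: run the system whois client (network access required)."""
    cmd = ["whois"] + (["-h", server] if server else []) + [ip]
    out = subprocess.run(cmd, capture_output=True, text=True, check=False).stdout
    return abuse_summary(out)


if __name__ == "__main__":
    print(abuse_summary(SAMPLE_WHOIS))
```

If `abuse-mailbox` is missing but `abuse-c` is present, the handle has to be looked up as a second query before you have an address to write to; the summary keeps both so that case is visible rather than hidden.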


2 Lab/Home assignment

Milestone: 26.09.2011 12:00EET

Results to tarmo at cert dot ee cc course-malware(at)cert.ee


For Malware 2, optional = required, and the deadline for the required part is now 15.


Primary task
  • extract a disk image of your or your friend's thumb drive / SD ( / CF) card
  • analyze the disk image
  • document the process
  • a selection of tools and howtos is here and here

Required for those taking Malware 2 and bonus for others
  • analyze the mobile malware file mmc.jar
  • unpack it (hint - use zip on .jar)
  • examine the .class files using the tool available here
  • find the code sending SMSes using the 'sms://' URI
  • XTRA points - calculate the short number used in SM.send
  • document the process
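Because a .jar is a zip archive and string constants inside .class files are stored as plain UTF-8, the "which class sends SMS" step can be done by reading the archive and looking for the 'sms://' URI, without running anything. The script below is an added example, not course material and not the real mmc.jar: it builds a tiny constructed jar in memory (two fake class entries, one carrying a made-up URI) and then scans it the same way a real archive would be scanned.

```python
import io
import re
import zipfile

# sms: URIs carry a phone or short number after the scheme.
SMS_URI = re.compile(rb"sms://[0-9+*#]*")


def build_constructed_jar() -> bytes:
    """Construct a stand-in .jar for the demo. The entries start with the class
    magic bytes but are otherwise fake; the URI is simply embedded as UTF-8,
    which is how a real constant pool would also hold it."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("a.class", b"\xca\xfe\xba\xbe\x00\x00\x00\x31"
                                b"\x01\x00\x0bsms://12345\x01\x00\x04send")
        jar.writestr("b.class", b"\xca\xfe\xba\xbe\x00\x00\x00\x31"
                                b"\x01\x00\x05hello")
    return buf.getvalue()


def scan_jar(jar_bytes: bytes) -> dict:
    """Map every .class entry to the sms:// URIs it embeds (empty list if none).
    The archive is only read; no class is loaded or executed."""
    hits = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for info in jar.infolist():
            if not info.filename.endswith(".class"):
                continue
            data = jar.read(info.filename)
            hits[info.filename] = [m.decode("ascii") for m in SMS_URI.findall(data)]
    return hits


def sms_senders(jar_bytes: bytes) -> list:
    """Names of the classes that reference an sms:// URI, for the report."""
    return sorted(name for name, uris in scan_jar(jar_bytes).items() if uris)


if __name__ == "__main__":
    sample = build_constructed_jar()
    print(scan_jar(sample))
    print("classes to inspect in the decompiler:", sms_senders(sample))
```

To run it on a real file, replace `build_constructed_jar()` with `open("mmc.jar", "rb").read()`. A string match only tells you where to look; confirming that the URI actually reaches a send call, and reading the number used, still needs the class examined in the decompiler the assignment points to.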



1 Lab/Home assignment

Assignment: Be a search master and a good infiltrator

Milestone: 8.10.2011 - 20:00

Results should be sent to course-malware(at)cert.ee


Find out how much the following cost:

* DDoS,
* a credit card number,
* an infected machine,
* sending spam to 1 000 000 people,

Hints:

Knowing the Russian slang for these will be beneficial, and there are other search engines besides Google.


Things that should be presented
* Where you found the information (links or sources)
* IM, AMI, forum or whatever contact you have for the person from whom you could acquire such a thing
* Prices
* and whatever other information you find relevant.