Malware:ITX8060:2011:LAB1

Source: Lambda

Find out what is wrong.

Milestone: 01.12.2011 - 00:00

Submissions should be sent to course-malware(at)cert.ee

Subject should be: "studentnumber".Firstname.Lab1

File name should be: "studentnumber".Firstname.Lab1.(txt.odt.pdf....)

If you did it together:

Subject should be: "studentnumber".Firstname."studentnumber2".Firstname2.Lab1


There are 2 "computers": one of them is definitely infected; the second one I'm not sure about.

Images for VirtualBox can be downloaded:

Bittorrent tracker

Win1

Win2

Http download

Win1

Win2


Assignment

The exercise can be done with a partner.

* Find out what is infecting the machine win1
* Understand in which way the current malware is dangerous to "your organisation"
* If possible, clean win1
* Is win2 clean, or does it have problems too?
* If needed, clean win2


Deliverables

The answers to the following questions should be clearly visible.

* Summary - Your thoughts about the exercise. Please provide a short summary
* Malware that infects machines
  - MD5 hash - if it is possible, and if not, please explain why.
  - SHA256 hash - if it is possible, and if not, please explain why.
  - A description - in which way that malware is a threat to "Your organization"
* Tools you used to find the infection(s)
* Tools you used to clean the machine(s)
* Where you found hints and how exactly you did it (you need to show your thought and communication process - please write a summary of it.)
* How would you evaluate your partner?

Please consider the malware analysis report reminders.