Comments on: Storm Binary Tracker Updates http://www.sudosecure.net/archives/153 is anything truly secure... Tue, 06 Jan 2009 04:35:55 +0000 http://wordpress.org/?v=abc hourly 1 By: jeremy http://www.sudosecure.net/archives/153/comment-page-1#comment-89 jeremy Mon, 14 Jul 2008 20:09:07 +0000 http://www.sudosecure.net/?p=153#comment-89 1. based on each MD5 hash, having links to any of the online analyzers will be a good idea. ----The MD5 hash links shouldn't be hard, so I will look into that soon. 2. bindiff of the each variant. ----Is their a bindiff tool for linux as I would want to automate this on the box already doing the analysis. Maybe there is a switch in the standard diff for binaries... I will have to look at this. 3. probably, a column for ports, protrocols used by each variant. ----Now this would be hard.... Not easily done without automating the lab run of the actual binary, which is something I would like to do but haven't. Thanks for the suggestions and glad you found the information useful. --jeremy 1. based on each MD5 hash, having links to any of the online analyzers will be a good idea.

—-The MD5 hash links shouldn’t be hard, so I will look into that soon.

2. bindiff of the each variant.

—-Is their a bindiff tool for linux as I would want to automate this on the box already doing the analysis. Maybe there is a switch in the standard diff for binaries… I will have to look at this.

3. probably, a column for ports, protrocols used by each variant.

—-Now this would be hard…. Not easily done without automating the lab run of the actual binary, which is something I would like to do but haven’t.

Thanks for the suggestions and glad you found the information useful.

–jeremy

]]> By: Gopal http://www.sudosecure.net/archives/153/comment-page-1#comment-88 Gopal Mon, 14 Jul 2008 19:41:32 +0000 http://www.sudosecure.net/?p=153#comment-88 Jermey, As it is, its pretty good info. In addtion to Spam tracking, Domain Name tracking, Name Server Tracking, Web Page Tracking, and a possible peers dataset. If possible, This info might help few researchers. 1. based on each MD5 hash, having links to any of the online analyzers will be a good idea. 2. bindiff of the each variant. 3. probably, a column for ports, protrocols used by each variant. - lot of work, but i love your work. -Thanks for sharing. Jermey,

As it is, its pretty good info.

In addtion to Spam tracking, Domain Name tracking, Name Server Tracking, Web Page Tracking, and a possible peers dataset.

If possible, This info might help few researchers.
1. based on each MD5 hash, having links to any of the online analyzers will be a good idea.
2. bindiff of the each variant.
3. probably, a column for ports, protrocols used by each variant.

- lot of work, but i love your work.
-Thanks for sharing.

]]>