sudosecure.net

is anything truly secure…

Storm Binary Tracker Updates

Posted by jeremy on July 13th, 2008

I had some spare time this afternoon, so I decided to update the web interface to my Storm Tracker Database. I hope everyone finds these changes useful, as I have included several correlated data displays to make researching the Storm Web Proxies and Binaries I have harvested a little easier and more user-friendly. I had personally performed most of these queries on my dataset offline, but was too lazy in the past to create a web front end for them. The new data views also include embedded hyperlinks that let you drill down into the different datasets faster.

I do have some ideas for some future enhancements such as Spam tracking, Domain Name tracking, Name Server Tracking, Web Page Tracking, and a possible peers dataset. I can't guarantee I will ever implement any of the above, but they do sound useful.

If any of you have enhancements or data views you would like to see, or think would be useful, feel free to contact me with the details; I will take them into consideration when I next revamp the Storm Tracker.

2 Responses to “Storm Binary Tracker Updates”

  1. Gopal Says:

    Jeremy,

    As it is, it's pretty good info.

    In addition to Spam tracking, Domain Name tracking, Name Server Tracking, Web Page Tracking, and a possible peers dataset:

    If possible, this info might help a few researchers.
    1. Based on each MD5 hash, having links to any of the online analyzers will be a good idea.
    2. bindiff of each variant.
    3. Probably, a column for ports and protocols used by each variant.

    - A lot of work, but I love your work.
    - Thanks for sharing.

  2. jeremy Says:

    1. Based on each MD5 hash, having links to any of the online analyzers will be a good idea.

    -- The MD5 hash links shouldn't be hard, so I will look into that soon.

    2. bindiff of each variant.

    -- Is there a bindiff tool for Linux, as I would want to automate this on the box already doing the analysis? Maybe there is a switch in the standard diff for binaries… I will have to look at this.

    3. Probably, a column for ports and protocols used by each variant.

    -- Now this would be hard… Not easily done without automating the lab run of the actual binary, which is something I would like to do but haven't.

    Thanks for the suggestions and glad you found the information useful.

    –jeremy
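The two suggestions discussed in this thread, keying each harvested sample by its hash and automating a byte-level diff between variants on the Linux analysis box, can be done without a dedicated bindiff tool. The script below is an added example and is not code from the Storm Tracker or from anyone in this thread; the two "variants" it compares are constructed byte strings, not real Storm samples, and the hashing and range-diff logic (which collapses what `cmp -l` would print byte by byte into offset ranges) is an assumption about what a tracker's "diff" column would want to show.

```python
"""Hash two sample byte strings and report the offset ranges where they differ.

Added example for the Storm Binary Tracker discussion; not the tracker's code.
VARIANT_A and VARIANT_B are constructed stand-ins, not real malware samples.
"""
import hashlib
from typing import Dict, List, Tuple

# Constructed stand-ins for two harvested binaries (NOT real samples):
# a fake header, a small "config" string that changes between versions,
# a shared body, and in variant B two extra trailing bytes.
VARIANT_A = (b"MZ\x90\x00" + b"\x00" * 12 + b"storm-config-v1\x00"
             + bytes(range(32)) + b"\xcc" * 8)
VARIANT_B = (b"MZ\x90\x00" + b"\x00" * 12 + b"storm-config-v2\x00"
             + bytes(range(32)) + b"\xcc" * 8 + b"\x90\x90")


def digests(blob: bytes) -> Dict[str, str]:
    """Return the MD5 and SHA-256 hex digests used to key a sample in a tracker.

    MD5 matches what the thread's data set already uses; SHA-256 is added
    because MD5 collisions make it unsuitable as the sole identifier.
    """
    return {
        "md5": hashlib.md5(blob).hexdigest(),
        "sha256": hashlib.sha256(blob).hexdigest(),
    }


def byte_diff(a: bytes, b: bytes) -> List[Tuple[int, int]]:
    """Return (start, end) offset ranges (end exclusive) where a and b differ.

    Runs of differing bytes are collapsed into one range; a length mismatch
    is reported as a single trailing range covering the extra bytes.
    """
    ranges: List[Tuple[int, int]] = []
    common = min(len(a), len(b))
    start = None
    for i in range(common):
        if a[i] != b[i]:
            if start is None:
                start = i
        elif start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, common))
    if len(a) != len(b):
        ranges.append((common, max(len(a), len(b))))
    return ranges


def similarity(a: bytes, b: bytes) -> float:
    """Fraction of positions (over the longer length) whose bytes match."""
    longest = max(len(a), len(b))
    if longest == 0:
        return 1.0
    matching = sum(1 for x, y in zip(a, b) if x == y)
    return matching / longest


def compare_variants(a: bytes, b: bytes) -> Dict[str, object]:
    """Build the record a tracker could store for a pair of variants."""
    return {
        "a": digests(a),
        "b": digests(b),
        "diff_ranges": byte_diff(a, b),
        "similarity": round(similarity(a, b), 4),
    }


if __name__ == "__main__":
    report = compare_variants(VARIANT_A, VARIANT_B)
    print("variant A md5:", report["a"]["md5"])
    print("variant B md5:", report["b"]["md5"])
    for start, end in report["diff_ranges"]:
        print(f"differs at offsets [{start}, {end}): "
              f"A={VARIANT_A[start:end].hex()} B={VARIANT_B[start:end].hex()}")
    print("similarity:", report["similarity"])
```

Run stand-alone it reports that the constructed variants differ only in the version byte of the config string and in the two trailing bytes, with identical MD5s being impossible since the content differs; in practice the same functions would be fed the files a sandbox run or the harvester wrote to disk, and the resulting ranges and digests stored next to the existing MD5 column so each hash can also link out to the online analyzers mentioned above.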
