central submission server & visualisation

The good news first:
We have a central server and a working database.
[Screenshot: nepenthes_central_server_database_screenshot.jpg]
Using this database we will be able to create a real-time visualisation.

Bad news:
Our two main sensors went down due to hardware issues, so testing the new code will take some more time.
If you want to help test the fresh code, subscribe to the nepenthes-devel mailing list; we will offer a first snapshot for testing there in the next few days.

virus activity note 'mswin.pif' & 'mswin32.pif'

Currently we are seeing high activity of mswin.pif and mswin32.pif; we have caught 2 different variants of mswin.pif.

^ # ^ MD5 ^ Filename ^
| #1 | 7c9b570ef067ddab504fcd20d965e1ea | mswin.pif |
| #2 | 867ee46fe52bac55f043f779ab04be36 | mswin32.pif |
| #3 | c6e42265d033e02f8d60bca1fd7da824 | mswin.pif |

^ Antivirus ^ Engine version ^ Signature update ^ #1 ^ #2 ^ #3 ^
| AntiVir | 6.32.0.6 | 09.28.2005 | no virus found | Worm/RBot.121856 | no virus found |
| Avast | 4.6.695.0 | 09.27.2005 | no virus found | no virus found | no virus found |
| AVG | 718 | 09.27.2005 | no virus found | IRC/BackDoor.SdBot.LLC | no virus found |
| Avira | 6.32.0.6 | 09.28.2005 | no virus found | Worm/RBot.121856 | no virus found |
| BitDefender | 07.02.2005 | 09.28.2005 | Backdoor.RBot.720EED27 | Backdoor.RBot.E8BE740F | Backdoor.RBot.720EED27 |
| CAT-QuickHeal | 01.08.2000 | 09.28.2005 | Backdoor.Rbot.gen | Backdoor.Rbot.gen | Backdoor.Rbot.gen |
| ClamAV | devel-20050917 | 09.25.2005 | no virus found | no virus found | no virus found |
| DrWeb | 4.32b | 09.28.2005 | Win32.HLLW.MyBot | Win32.HLLW.MyBot | Win32.HLLW.MyBot |
| eTrust-Iris | 7.1.194.0 | 09.27.2005 | no virus found | Win32/SdBot.121856!Worm | no virus found |
| eTrust-Vet | 11.9.1.0 | 09.28.2005 | no virus found | Win32.Rbot.DRE | no virus found |
| Fortinet | 2.48.0.0 | 09.28.2005 | W32/RBot-bdr | W32/RBot-bdr | W32/RBot-bdr |
| F-Prot | 3.16c | 09.27.2005 | no virus found | security risk named W32/Spybot.KPY | no virus found |
| Ikarus | 0.2.59.0 | 09.28.2005 | Backdoor.Win32.HacDef.AE | Backdoor.Win32.HacDef.AE | Backdoor.Win32.HacDef.AE |
| Kaspersky | 4.0.2.24 | 09.28.2005 | Backdoor.Win32.Rbot.gen | Backdoor.Win32.Rbot.gen | Backdoor.Win32.Rbot.gen |
| McAfee | 4591 | 09.27.2005 | no virus found | W32/Sdbot.worm.gen.i | no virus found |
| NOD32v2 | 01.01.1234 | 09.27.2005 | no virus found | Win32/Rbot | no virus found |
| Norman | 5.70.10 | 09.27.2005 | no virus found | W32/Spybot.ULL | no virus found |
| Panda | 08.02.2000 | 09.27.2005 | no virus found | W32/Sdbot.FDI.worm | no virus found |
| Sophos | 3.98.0 | 09.28.2005 | no virus found | W32/Rbot-AOX | no virus found |
| Symantec | 01.08.2000 | 09.27.2005 | no virus found | W32.Spybot.Worm | no virus found |
| TheHacker | 5.8.2.115 | 09.26.2005 | no virus found | Backdoor/Rbot.gen | no virus found |
| VBA32 | 03.10.2004 | 09.21.2005 | no virus found | no virus found | no virus found |

Stats created with OpenOffice and virustotal.com.
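An added example (not nepenthes project code) that turns the scan table above into something a sensor operator can query: it parses the per-engine verdicts, computes each sample's detection ratio, lists which engines missed it, checks whether two captures got identical verdicts everywhere (a hint that generic signatures are matching the same family), and maps an MD5 of a captured file back to the sample list. The hashes and verdict strings are copied from this post; the function names and the "clean" verdict set are this example's own assumptions.

```python
"""Summarise multi-engine scan verdicts for honeypot-captured samples.

Added example for this post, not nepenthes project code. The sample list
and the verdict table are copied from the post; the helper names are
this example's own.
"""
import hashlib

# Sample number -> (md5, filename), as listed in the post.
SAMPLES = {
    1: ("7c9b570ef067ddab504fcd20d965e1ea", "mswin.pif"),
    2: ("867ee46fe52bac55f043f779ab04be36", "mswin32.pif"),
    3: ("c6e42265d033e02f8d60bca1fd7da824", "mswin.pif"),
}

# Verdict table from the post, one engine per line:
# engine | version | signature update | verdict #1 | verdict #2 | verdict #3
SCAN_TABLE = """\
AntiVir | 6.32.0.6 | 09.28.2005 | no virus found | Worm/RBot.121856 | no virus found
Avast | 4.6.695.0 | 09.27.2005 | no virus found | no virus found | no virus found
AVG | 718 | 09.27.2005 | no virus found | IRC/BackDoor.SdBot.LLC | no virus found
Avira | 6.32.0.6 | 09.28.2005 | no virus found | Worm/RBot.121856 | no virus found
BitDefender | 07.02.2005 | 09.28.2005 | Backdoor.RBot.720EED27 | Backdoor.RBot.E8BE740F | Backdoor.RBot.720EED27
CAT-QuickHeal | 01.08.2000 | 09.28.2005 | Backdoor.Rbot.gen | Backdoor.Rbot.gen | Backdoor.Rbot.gen
ClamAV | devel-20050917 | 09.25.2005 | no virus found | no virus found | no virus found
DrWeb | 4.32b | 09.28.2005 | Win32.HLLW.MyBot | Win32.HLLW.MyBot | Win32.HLLW.MyBot
eTrust-Iris | 7.1.194.0 | 09.27.2005 | no virus found | Win32/SdBot.121856!Worm | no virus found
eTrust-Vet | 11.9.1.0 | 09.28.2005 | no virus found | Win32.Rbot.DRE | no virus found
Fortinet | 2.48.0.0 | 09.28.2005 | W32/RBot-bdr | W32/RBot-bdr | W32/RBot-bdr
F-Prot | 3.16c | 09.27.2005 | no virus found | security risk named W32/Spybot.KPY | no virus found
Ikarus | 0.2.59.0 | 09.28.2005 | Backdoor.Win32.HacDef.AE | Backdoor.Win32.HacDef.AE | Backdoor.Win32.HacDef.AE
Kaspersky | 4.0.2.24 | 09.28.2005 | Backdoor.Win32.Rbot.gen | Backdoor.Win32.Rbot.gen | Backdoor.Win32.Rbot.gen
McAfee | 4591 | 09.27.2005 | no virus found | W32/Sdbot.worm.gen.i | no virus found
NOD32v2 | 01.01.1234 | 09.27.2005 | no virus found | Win32/Rbot | no virus found
Norman | 5.70.10 | 09.27.2005 | no virus found | W32/Spybot.ULL | no virus found
Panda | 08.02.2000 | 09.27.2005 | no virus found | W32/Sdbot.FDI.worm | no virus found
Sophos | 3.98.0 | 09.28.2005 | no virus found | W32/Rbot-AOX | no virus found
Symantec | 01.08.2000 | 09.27.2005 | no virus found | W32.Spybot.Worm | no virus found
TheHacker | 5.8.2.115 | 09.26.2005 | no virus found | Backdoor/Rbot.gen | no virus found
VBA32 | 03.10.2004 | 09.21.2005 | no virus found | no virus found | no virus found
"""

# Phrases treated as "clean" (assumed set). Anything else, including
# F-Prot's "security risk named ..." wording, counts as a detection.
CLEAN_VERDICTS = {"no virus found", "clean", ""}


def parse_scan_table(text):
    """Parse the pipe-separated table into one dict per engine."""
    rows = []
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) != 3 + len(SAMPLES):
            raise ValueError("malformed row: %r" % line)
        engine, version, update, *verdicts = cells
        rows.append({
            "engine": engine, "version": version, "update": update,
            "verdicts": dict(zip(sorted(SAMPLES), verdicts)),
        })
    return rows


def is_detection(verdict):
    return verdict.strip().lower() not in CLEAN_VERDICTS


def detection_ratio(rows, sample):
    """(number of engines flagging the sample, total engines)."""
    hits = sum(1 for r in rows if is_detection(r["verdicts"][sample]))
    return hits, len(rows)


def engines_missing(rows, sample):
    """Engines whose signatures of that update date did not flag the sample."""
    return [r["engine"] for r in rows if not is_detection(r["verdicts"][sample])]


def engines_agreeing(rows, a, b):
    """Engines that gave samples a and b the identical verdict string."""
    return [r["engine"] for r in rows if r["verdicts"][a] == r["verdicts"][b]]


def md5_hex(data):
    return hashlib.md5(data).hexdigest()


def identify_sample(md5):
    """Map the MD5 of a captured file to (sample number, filename), or None."""
    for n, (digest, name) in SAMPLES.items():
        if digest == md5.lower():
            return n, name
    return None


if __name__ == "__main__":
    rows = parse_scan_table(SCAN_TABLE)
    for n in sorted(SAMPLES):
        hits, total = detection_ratio(rows, n)
        print("#%d %s: %d/%d engines, missed by: %s" % (
            n, SAMPLES[n][1], hits, total, ", ".join(engines_missing(rows, n))))
    print("engines giving #1 and #3 the same verdict: %d of %d"
          % (len(engines_agreeing(rows, 1, 3)), len(rows)))
```

Run stand-alone it reports 6/22 engines for #1 and #3 and 19/22 for #2, and that every engine returned the same verdict for #1 and #3 despite their different MD5s. Treating every non-"clean" string as a detection is deliberate: engines word their positive verdicts differently, so matching on the clean phrase is more robust than matching on family names.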

What's quite interesting: the files are recognised as rbot/sdbot variants by almost all scanners, yet they contain anti-debug/anti-emulation code. So far only Agobot has had anti-debug/emulation code present.

2005/09/28/central_services.txt · Last modified: 2010/06/15 13:30 by common