Re: Cool: using Wine to dissect the Storm bot!

On Tue, Dec 30, 2008 at 4:52 PM, Dan Kegel <dank@xxxxxxxxx> wrote:
> http://blog.mellenthin.de/archives/2008/12/30/25c3-hangover/
> says, in a writeup about the recent CCC meeting,
> "Very interesting were Squeezing Attack Traces and Stormfucker: Owning
> the Storm Botnet. First, concrete techniques were shown for how
> malware can be analysed. The central idea here is, instead of using a
> sandbox (Windows in a VM), to pass the requests through to Wine under
> Linux. There you can hook in at any arbitrary point and take the
> malware's requests apart."
>
> Sounds like somebody was using Wine to trace through the Storm bot's code,
> one win32 syscall at a time.  Cool!

This may be related:
http://zerowine.sourceforge.net/

It's fairly simple... just a prebuilt qemu image that lets you run a
piece of malware in a wine-on-qemu sandbox with verbose logging
(looks like WINEDEBUG=+relay,+file).
- Dan
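An added example, not from the thread or from the Zero Wine project: a small Python parser for the Call/Ret lines that WINEDEBUG=+relay writes, pairing each Call with its Ret per thread and mapping WriteFile handles back to the path CreateFile opened, so a relay trace can be reduced to a per-sample file and registry summary. The trace lines are constructed for the example, and the parser assumes Wine's usual `tid:Call MOD.Func(args) ret=addr` / `tid:Ret MOD.Func() retval=val ret=addr` layout.

```python
import re

# Constructed sample of what WINEDEBUG=+relay prints (fabricated, not a real capture):
# "tid:Call MOD.Func(args) ret=site" paired with "tid:Ret  MOD.Func() retval=val ret=site".
SAMPLE_TRACE = [
    r'0009:Call KERNEL32.CreateFileA(00401234 "C:\\windows\\temp\\update.dat",c0000000,00000001,00000000,00000003,00000080,00000000) ret=00401567',
    r'0009:Ret  KERNEL32.CreateFileA() retval=00000034 ret=00401567',
    r'0009:Call KERNEL32.WriteFile(00000034,00402000,00000010,0032fe10,00000000) ret=0040159a',
    r'0009:Ret  KERNEL32.WriteFile() retval=00000001 ret=0040159a',
    r'0009:Call ADVAPI32.RegSetValueExA(00000080,00402100 "Setting",00000000,00000001,00402200,0000001a) ret=004015c0',
    r'0009:Ret  ADVAPI32.RegSetValueExA() retval=00000000 ret=004015c0',
]
LINE_RE = re.compile(r'^(?P<tid>[0-9a-f]+):(?P<kind>Call|Ret)\s+(?P<api>\w+\.\w+)\((?P<args>.*)\)'
                     r'(?:\s+retval=(?P<retval>[0-9a-f]+))?\s+ret=[0-9a-f]+$')
STR_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')            # quoted string args, keeping Wine's escapes
ARG_RE = re.compile(r'(?:[^,"]|"(?:[^"\\]|\\.)*")+')   # split on commas outside quoted strings

def parse_relay(lines):
    """Pair each Call with its Ret per thread (nesting-aware) and return the calls in call order."""
    calls, pending = [], {}
    for line in lines:
        m = LINE_RE.match(line.rstrip('\n'))
        if not m:
            continue                               # +file lines and other channels are skipped
        if m['kind'] == 'Call':
            rec = {'tid': m['tid'], 'api': m['api'], 'args': ARG_RE.findall(m['args']),
                   'strings': STR_RE.findall(m['args']), 'retval': None}
            calls.append(rec)
            pending.setdefault(m['tid'], []).append(rec)
        elif pending.get(m['tid']):
            pending[m['tid']].pop()['retval'] = int(m['retval'], 16) if m['retval'] else None
    return calls

def writes_by_path(calls):
    """Map WriteFile calls back to the path their handle was opened on by CreateFileA/W."""
    handles, writes = {}, {}
    for c in calls:
        if c['api'] in ('KERNEL32.CreateFileA', 'KERNEL32.CreateFileW'):
            if c['strings'] and c['retval'] not in (None, 0xffffffff):   # skip INVALID_HANDLE_VALUE
                handles[c['retval']] = c['strings'][0]
        elif c['api'] == 'KERNEL32.WriteFile':
            path = handles.get(int(c['args'][0], 16), '<unknown handle>')
            writes[path] = writes.get(path, 0) + 1
    return writes

if __name__ == '__main__':
    for c in parse_relay(SAMPLE_TRACE):
        print(c['tid'], c['api'], c['strings'], c['retval'])
    print(writes_by_path(parse_relay(SAMPLE_TRACE)))
```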