R-fx Networks

Archive for August, 2010

Tracking & Killing Bot Networks

by on Aug.17, 2010, under My Blog

In a previous blog I discussed how one of the more enjoyable parts of my day-to-day malware rituals also involves the tracking and killing of command and control bot networks. Recently I have begun automating this process a bit; I have created a series of scripts that extract IRC servers, port numbers and channels from […]


Understanding Signatures

by on Aug.16, 2010, under Development, My Blog

The signature naming scheme for LMD is a little confusing and something I’ve received more than a few questions about, more so about what the *.unclassed signatures mean. The naming scheme (to me) is straightforward and breaks down as follows: {SIG_FORMAT}lang/vector.type.name.ID# The ‘SIG_FORMAT’ is either HEX or MD5, reflecting the internal format of the […]


ATF v2: Weighted Threats

by on Aug.14, 2010, under Development, My Blog

When I first introduced you all to the Aggregate Threat Feed back in May, it was a much smaller feed with very simple ambitions — pulling together threat data at work from our network edge and host based firewalls and aggregating the data into a usable feed. The actual intention being that as an attacker […]

