about 2 months ago - 1 comment
The release of LMD 1.4.1 is now live and with it comes a few new features. In this small update, I have tried to deliver on a couple of common feature requests from users which were in line with my development goals. That said, right to it… The biggest change has come in the form More >
about 4 months ago - 7 comments
As cliché as it sounds, where has the time gone? Today we celebrate two years of Linux Malware Detect, open-source (web) malware detection. The project has seen a lot of change since the first release. What was initially started as an internal project to deal with a large increase in malware activity at my job, a More >
about 9 months ago - 2 comments
The much-awaited 1.4 release of Linux Malware Detect is here! In this release there is quite literally something for everyone, from massive performance gains to FreeBSD support and everything in between. For those who wish to dive straight into it, you can run the -d or --update-ver option to update your install More >
about 10 months ago - No comments
I have put up a revision to the 1.3.9 release of LMD that fixes a hexdepth bug in which malware greater than 65 Kbytes would cause an error in the internal hexstring.pl script and be considered clean on the stage2 hex scanning of malware. This would mean that unless malware had an MD5 signature for it More >
about 10 months ago - No comments
It has been a busy couple of weeks for the LMD project, lots of late nights and sleepless days behind me, and I can say I am a ‘little’ happier with where things are in the project now. This release has no major feature changes or additions other than a modification in the default hexdepth More >
about 11 months ago - 7 comments
On this day eight years ago, Advanced Policy Firewall (APF) version 0.5 for Linux was publicly released. Since then, APF has stood the test of time and still remains, to this day, one of the most widely used Linux firewall solutions, with especially high usage in the web hosting industry. I was 18 years old More >
about 1 year ago - No comments
It has been a very active month. Those that pay attention to the signatures as they are released might have noticed a sudden spike about two weeks ago in signatures, from the 2,500-ish mark to the now 4,425 mark. The vast majority of these signatures were put up in MD5 format as a great many More >
about 1 year ago - 1 comment
In a previous blog I discussed how one of the more enjoyable parts of my day-to-day malware rituals also involves the tracking and killing of command and control bot networks. Recently I have begun automating this process a bit; I have created a series of scripts that extract IRC servers, port numbers and channels from More >
about 1 year ago - No comments
When I first introduced you all to the Aggregate Threat Feed back in May, it was a much smaller feed with very simple ambitions — pulling together threat data at work from our network edge and host-based firewalls and aggregating the data into a usable feed. The actual intention being that as an attacker More >
about 1 year ago - 2 comments
Since I will be busy this coming week with other priorities, I am posting an early month-in-review blog on signature updates. In the last 3 weeks we have not seen a whole lot of action in in-the-wild malware; most of what is propagating at the moment are variants of already detected content. That More >
about 1 year ago
love it all !!! amazing work !!! .. keep it coming !!! all very helpful !!! so much can be used from the information you provide !!!