In doing work-ups for malicious code analysis, I've been using Full Disclosure as a source as it allows attachments. This allows me to download onto a non-MS machine, run a virus scanner and do other things while deciding to use the sample or not.
In the process, I usually hit Google also. In trying to figure out "You_are_dismissed.com" (it's Bagle.Ap) I found tasklist.org. It appears to be a really good source for identifying unknown (unauthorized) processes.
No comments:
Post a Comment