Opinion: Cool tools for hacker trackers
InfoWorld - If you want to keep up with the latest criminal exploits without having to collect malware yourself, take a look at SRI International's Cyber-Threat Analytics BotHunter Malware Analysis Web page
Reporting on information and statistics collected from a research honeynet, the BotHunter Malware Analysis page makes daily infection logs from high-interaction honeypots available for anyone to view. Although the scale of the project and information collected is fairly small, this is a useful site for gaining more insight into crimeware and the world of bots.
Clicking on any of the daily reports presents dozens of pieces of information on each day's attacks. It starts off with time and date of each bot attack, and the honeypot platform type (e.g., Windows XP, Windows 2000 and so on). It reveals the Snort rules used to detect incoming malware and how many antivirus companies detected the malicious code.
Each captured malware program is run against 28 to 32 antivirus engines. Try browsing the daily reports to see how many times none of the antivirus scanners detected the malware. Surprisingly, this happens roughly one-third of the time -- not a comforting statistic.
The honeynet automatically extracts plain text strings and tries to determine which executable packer was used. It decodes each executable and provides code traces. It appears that complete assemblies and packet traces are available upon request. A short summary forensic log can be obtained for each malware attack.
Cain & Abel update Like many leading-edge technology companies, one of my favorite hacking utilities, Cain & Abel, is constantly updating itself. For years, it's been the hacker utility with the most built-in features of any GUI tool. It can crack at least 28 different password hashes, conduct ARP spoofing and man-in-the-middle attacks, and sniff more than a dozen different passwords off the wire. When converting password hashes to passwords, it can use several different cracking methods, including dictionary, brute force and rainbow tables. It's not the fastest (get John the Ripper for that), but it's the easiest and most versatile tool available. The program's single downside is that it is only available for Windows.
I've been aiming to test Cain & Abel on Windows Vista since Vista came out almost a year ago. Although Cain & Abel must be started in elevated mode, many of the key features don't work, as I suspected might be the case. Protected Storage, Remote Desktop Protocol and Credential Dumper didn't work, although a local LSAdump of custom service account passwords and wireless preshared keys and hashes did. I couldn't get any of the man-in-the-middle attacks to work, and none of the tools for sniffing passwords off the network provided any usable data.
Reprinted with permission from
Story copyright 2006 InfoWorld Media Group, Inc. All rights reserved.
network administrator
Additional Resources



Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.
White Papers & Webcasts
Mastering eDiscovery: The IT Manager's Guide to Preservation, Protection & Production
Get this paper now!
Extending Client Refresh - 11 Steps to Maximize Savings
Register Now!
Not Just Words: Enforce Your Email and Web Acceptable Usage Policies
Get this paper now!
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Email Archiving: A Business-Critical Application
Get this paper now!
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
IBM ISS X-Force Threat and Risk Report
Learn about all aspects of threats that affect Internet security.
Consolidate Your Servers and Storage to Lower Costs with Oracle Database 11g
Register for this webcast!
The New World of eCrime: Targeted Brand Attacks and How to Combat Them
Download This Whitepaper Now!
The Commercialization of ITIL: Lessons Learned
Register for this event today!
