Using Nepenthes

Hi, this manual only covers the basics. Nepenthes will catch malware faster if you put it somewhere the network is unfiltered, because more of the automated scans and exploitation attempts it waits for will actually reach it.
A few things you need:
  • nepenthes
  • clam-av (so that you can scan the collected binaries)
  • a hex editor, or khexedit for KDE (if you want to go through the ASCII content)
  • and if the "strings" command suits you, it gives an easier read.

This snippet of output was taken from a chatbox with snip3r (hehe)

$clamscan /var/lib/nepenthes/binaries/
/var/lib/nepenthes/binaries/malware_host_arp.pcap: OK
/var/lib/nepenthes/binaries/5b969ead104bf6afd187c4aad480ac45: OK
/var/lib/nepenthes/binaries/a9827363248ccc412911b1719d18183a: OK
/var/lib/nepenthes/binaries/94ee7b1bfa628bd990c5cbd522f3cf84: Trojan.Vanbot-41 FOUND
/var/lib/nepenthes/binaries/f948757c0ba0d2cd663f1e3988eb8787: Trojan.Mybot-7872 FOUND
/var/lib/nepenthes/binaries/7097c55ee0535457025dd158bb1988bb: Worm.Blaster.B FOUND


Well, "/var/lib/nepenthes/" contains two other folders: "hexdumps" (considered obsolete in the SVN version) and "binaries". The clamscan run above shows what you find in "binaries": the captured samples, some of which ClamAV recognises and some of which it does not (an "OK" only means no signature matched, so those files still deserve a look with a hex editor or "strings").
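As an added example (not from the post and not part of Nepenthes itself), here is a small Python helper that triages a "binaries" directory the way the post does by hand: it parses clamscan's per-file output, checks that each sample's filename matches the MD5 of its content (the naming scheme assumed here for Nepenthes samples), and pulls printable ASCII runs the way the "strings" command does. Every sample value in it is constructed.

```python
import hashlib
import re
import string
import sys
from pathlib import Path

# Assumed clamscan format: one "<path>: OK" or "<path>: <signature> FOUND" line per file,
# then a summary block that this pattern deliberately does not match.
CLAM_LINE = re.compile(r"^(?P<path>.+?): (?:(?P<sig>.+) FOUND|OK)$")

def parse_clamscan(output: str) -> dict:
    """Map each scanned path to its signature name, or None when clamscan said OK."""
    results = {}
    for line in output.splitlines():
        m = CLAM_LINE.match(line.strip())
        if m:
            results[m.group("path")] = m.group("sig")
    return results

def md5_name_matches(name: str, data: bytes) -> bool:
    """Assumption: Nepenthes names each sample by its MD5; a mismatch means it was renamed or altered."""
    return hashlib.md5(data).hexdigest() == name

def printable_strings(data: bytes, min_len: int = 4) -> list:
    """What strings(1) does: runs of printable ASCII at least min_len bytes long."""
    allowed = set(string.printable.encode()) - set(b"\t\n\r\x0b\x0c")
    out, run = [], bytearray()
    for b in data + b"\x00":  # trailing NUL flushes the last run
        if b in allowed:
            run.append(b)
        else:
            if len(run) >= min_len:
                out.append(run.decode("ascii"))
            run = bytearray()
    return out

def triage(name: str, data: bytes, verdicts: dict, binaries_dir: str) -> dict:
    """One report record per sample: clamscan verdict, MD5 filename check and extracted strings."""
    path = str(Path(binaries_dir) / name)
    return {"file": name, "detection": verdicts.get(path), "md5_ok": md5_name_matches(name, data),
            "strings": printable_strings(data)}

if __name__ == "__main__":
    # Usage: clamscan /var/lib/nepenthes/binaries/ | python triage.py /var/lib/nepenthes/binaries/
    bdir = sys.argv[1]
    verdicts = parse_clamscan(sys.stdin.read())
    for p in sorted(Path(bdir).iterdir()):
        if p.is_file():
            print(triage(p.name, p.read_bytes(), verdicts, bdir))
```

Samples that clamscan reports as OK still appear in the report, so their strings can be reviewed by hand, and a failed MD5 check flags a file that is not what Nepenthes originally wrote.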
