Posts

Showing posts from 2008
Image
Memerangi "phishing" dengan "Phish"


"Phishing" memanipulasi kejahilan pengguna Internet dan ketidaktahuan mereka mengenai protokol, URL dan sebagainya yang berkait.

Untuk menguji samada anda benar-benar mampu untuk mengenalpasti laman "phishing", cubalah main permainan ini!

klik sini
Unlucky John

apt-get install lame john
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
john lame
0 upgraded, 2 newly installed, 0 to remove and 27 not upgraded.
Need to get 823kB of archives.
After this operation, 1901kB of additional disk space will be used.
Get:1 http://my.archive.ubuntu.com hardy/main john 1.6-40.3ubuntu1 [548kB]
Get:2 http://my.archive.ubuntu.com hardy/multiverse lame 3.97-0.0 [275kB]
Fetched 823kB in 55s (14.9kB/s)
Selecting previously deselected package john.
(Reading database ... 258521 files and directories currently installed.)
Unpacking john (from .../john_1.6-40.3ubuntu1_i386.deb) ...
Selecting previously deselected package lame.
Unpacking lame (from .../lame_3.97-0.0_i386.deb) ...
Setting up john (1.6-40.3ubuntu1) ...

Setting up lame (3.97-0.0) ...
Publication listed in PNM

PNM - Perpustakaan Negara Malaysia (?) indexed my publication into their database:

here


Author Muhammad Najmi Ahmad Zabidi Main Title Projeklokalisasiperisiansumberterbuka : usahaperkembangan, harapandanrealiti / MuhammadNajmiAhmadZabidi Host Item Free and Open Source Software conference : 2003: Subang Jaya p. 105-113 Subject Open source software Subject Computer software Notes Bibl. Call No. (Rujukan) 005.309595 FRE f M Record Status
Image
Walimah@ Bagan Datoh on 26th Jan 2009

source

*and we shall accumulating, categorizing excuses for not attending the event.
Life with Due Dates

Nikah 26 Okt 2008
Father in Law passed away 19 Nov 2008
TOEFL 10 Jan 2009
GRE 5 Feb 2009

My death? My first baby born?
Malware Challenge 2008 Results

source
Contest Results In all, we received 29 submissions to the contest. All of the papers showed their own unique approach to the challenge which made it very difficult to pick who received any prizes. However, after reading through all the submissions we picked the ones we felt were written the best, performed the best analysis and demonstrated theri knowledge in a way which was most learnable by others. Top 3 Submissions Emre Bastuz*Ajit GaddamDan Roberts
Runner Ups Chetan Ganatra*Scott KnightApneet JollyTareq SaadeRyan HaywardMichal Dida*Stephen DavisITT Tech TeamDan Kieta * Those marked are not eligible to receive prizes since they reside outside of North America. However, we wanted to recognize their excellent contribution to the contest. Rest of Submissions Jerome SeguraAnthony LineberryMelissa E.Team LipstickBrian AlmondHanelSpirit CatMuhammad Najmi Ahmad Zabidi0xbaddeadBilboOleg ChuviloOtto LenghiAnonymouseklksPeter KruseAttila-Mihaly BalazaNelson Santos
List of CS schools in US which offering Phd

Refer here
Skype-pidgin plugin

I found skype-pidgin plugin. You can download it here
Hamming's advice

If you're in pursuit of research problem ... read this
Online Interview

I gonna have online interview this Wednesday 2PM (NL time). Good luck to me
Offline(hopefully) enjoying *real life*

Your hot blog author will be offline, soul searching for real life out there. He will be back once he got something to blog. But somehow since he got dial up access in kampung, he might hardly to offline unless his mum pinches him.

I just wonder whether this blog has its own reader. Looking at the traffic it tells somebody's here.


Open Problem : Why should I go to US for Phd?I already bought TOEFL/GRE books and that cost me around RM180(approx USD60). Now that I discussed and influeced by several ideologies I become hesitate again with the effort.Where should I go for my Phd study?I was initially plan to AUS but then after several search, I don't really think I'm interested to work with the topic.. though under the security theme. Next, I was phone interviewed by an interviewer from UK but seems the sponsoring institution no longer favor on sponsoring students to UK. Also, thinking of doing only research will lead to the real depth of micro problem, I'm thinking to get exposed to broader issue/circulation of the intended problem.What that suppose to mean?It means I have a thought to master several areas related to my research interest. Say, my research interest will be around malware analysis. I would like to learn on Machine Learning, which under the AI theme, also, Systems Programming since dealin…
Read only if you have time for ALLAH
إقرأه فقط إن كنت تمتلك وقت لـ الله

Let me tell you, make sure you read all the way to the bottom. I almost deleted this email but I was blessed when I got to the end
دعني أخبرك، تأكد أنك ستقراه الى النهاية. لقد كدت احذفه ولكني بوركت عندما وصلت إلى نهايته

ALLAH,'This is the message title'!!
when I received this e-mail, I thought...
' الله ' هو عنوان الرسالة !! عندما وصلتني هذه الرسالة, فكرت....

I don't have time for this... And, this is really inappropriate during work.
أنه ليس لدي الوقت لمثل هذه الأشياء وأنه ليس من المناسب أن اقرأ مثل هذه الأشياء خلال العمل

Then, I realized that this kind of thinking is.... Exactly, what has caused lot of the problems in our world today.
بعد ذلك انتبهت, أن هذا النوع من التفكير هو تماماً السبب في جعل عالمنا مليء بالمشاكل حالياً

We try to keep ALLAH in MASJIDS on FRIDAY...
لقد حاولنا جعل الله والدين في المساجد أيام الجمعة

Maybe, FRIDAY night...
أو ليلة الجمعة

And, the unlikely event of a MAGHRIB SALLAH.
وصلاة ال…
Machine Learning for Network Security

Another informative link from Down Song, a prof @ Berkeley

http://www.cs.berkeley.edu/~dawnsong/networking.html
Self Regenerative Systems


To get to know, get in touch with these people

http://helix.cs.virginia.edu/people
Machine Learning for Computer Security

I stumbled to several website.. since I'm searching work on malware detection rate improvement. Found a few

http://mls-nips07.first.fraunhofer.de/

Also works by Terran Lane (I emailed him once)

http://www.cs.unm.edu/~terran/publications

Seems that many faculty that I stumbled into were alumnus of Purdue (specifically in Computer Security domain).
Busy as a bee

Today- I should submit my research proposal - perhaps at least general idea what you intend to accomplish for

Also, have to accomplish few stuffs before my big day ... including planning sightseeing somewhere locally. Not money ma ...

Every morning I start to pick up things, move them to my new house... slowly moving from the currently rented flat house which I lived for more than a year.
Image
Berdebar-debar untuk bersama si_dia

Image
Raya like no others.

Boom! The self made cannon made by the kampung folks booming during the raya days, as usual I tried to figure out how many cannons out there which I can archive their picture.

Unfortunately, I only found one, which the same arch as last year.




Pidgin-Facebook plugin

After I got my gtalk enabled on my Pidgin, now that I'm thinking of whether somebody already did something on Facebook. Yeah it's there!

Here

Work on multiplatform.. since I'm working on Ubuntu now, .deb worked just fine:

dpkg -i pidgin-facebookchat-1.35.deb
Selecting previously deselected package pidgin-facebookchat.
(Reading database ... 179380 files and directories currently installed.)
Unpacking pidgin-facebookchat (from pidgin-facebookchat-1.35.deb) ...
Setting up pidgin-facebookchat (1.35) ...


:-)
Louisiana @ Lafayette!

Mr/Ms Najmi,

Your qualifications appear to be good, and we will be pleased to
consider your application. If you will give your mailing address, I
will ask our office to send you our application packet, with all forms
and requirements of our programs. You may wish to visit our web site at
http://www.cacs.louisiana.edu/ and that of the Graduate School
http://www.louisiana.edu/Academic/GradSchool/ . Fee schedules will be
at http://bursar.louisiana.edu/ . You may also apply online.

Deadlines for application are 1 November for Spring, and 1 April for
Fall, if you wish to be considered for assistantship.

CACS and the Graduate School require a BS degree with GPA >= 2.75, or
First Class honors from universities using that system. We require the
GRE, General Test, with GRE-V >= 380, Q >= 600, and TOEFL >= 80(new online).

---------
CACS, ULL
tapi baru ni masa Gustav alert tu dengornya area selatan2 ni la yang kelam kabut kena. Ish ish... sukarnya!
As Time Goes By....


Hi Najmi,

The best way to figure out if I'd like to have you as a PhD student, and if you'd like to have me as your advisor, would be to meet and talk. We can do that once you start USC in Fall. I looked over your CV and papers you sent. This is nice work for BSc degree. What you want to do during your MS and PhD is to expand on the research part. Best way to do this, and also to improve writing style and language, is to read a lot of research papers so that would be my first suggestion. Look at top security conferences such as USENIX, CCS or security papers at networking conferences SIGCOMM, Infocom, NDSS and NSDI.

The length of the study depends on both your topic and your work. You usually are ready to graduate once you had 3-5 papers from your topic published at good conferences. Publishing takes time and that's the major source that defines when one can graduate. That, and finishing the work on the topic - but since you need to finish the work anyways…
[wtr] Rumah sekitar Taman Melati, julat RM400-800 sebulan


Mula duduk: Nov 2008


Contact saya dengan komen di komen sini. Atau call 019 387 0980

Spam akan dihantar ke /dev/null
Image
Nobody will care about out existence.... we are merely just statistics!

KUL-TGG-KUL

Hello,

My paper and slides can be downloaded here:

Slides

Paper
MyEduSec 2008 speakers' slots

Click here .... mine is the last slot.

Just wondering who is Madihah Saudi, 3 papers are hers.
Image
HEADS UP: KDE l10n EN-ms-MY Progress (as of 12th Aug '08)



source
Image
Kisah Lipan dan Pepijat





A new SVN commit after ~2 years


svn commit -m "update" desktop_kdebase.po

You can track my SVN commit activities here

http://cia.vc/stats/author/mnajem
Phrack #65

Hello,

I just realized that Phrack #65 was released months back in April 2008. Hardly to keep up since I'm not sure how frequent they release their underground zines.


View here
Nak ambik GRE kot

Thinking of registering GRE exam.. since applying to US/CA/SING (hmm) means they need this exam to check your sanity level.

Ask Prometric for the exam fees.. around USD170 and have to pay by US Dollar . The exam will be held every Thursday, and if you want to retake the buffer is one month. (why?).

Some US univ just fine with IELTS.. but most of them need TOEFL.

So far I'm not that satisfied with AU/NZ research groups... I do not know whether this is the best decision.

As if I just forgotten about Plymouth. Not that I do not want to go there, it just simply I just do not know which is the best place to suit me and my wife wannabe later on.

Hopefully can make it, getting my butt outta here for Fall 2009.
“The best methodology for C++ teaching from ground up – an experience in the XYZ University”By me {at} gmail.com, B.MIS, MSc(CS)In this paper we share our experience in delivering the structured programming introduction to the undergraduates whom never learn programming, or had background in C language. We observed this behavior and measure the students by looking at their quantitative output. This hopefully will be towards the effectiveness in teaching and the best measurement to evaluate education methodology. For the milestone we hope that this novel approach will yield to yet another Nobel Laureate winner from Malaysia. BackgroundIn XYZ we use C++ as the introductory language, and formerly we used C language. One of the reasons is simply because the advanced subjects in the undergrad years mostly are using object oriented language. For example, books in Data Structure and Algorithm nowadays focusing in C++, and the C version on the same title are slowly taken out from the market. …
Image
Macam bagus






Seperti yang anda lihat di dalam gambar, kereta reban ayam sudah berganti dengan kereta satria 1996 ku yang sudah dicat baru.. kos semua ialah

RM1,650 untuk cat satu body+ganti penutup depan
RM65 untuk logo Proton baru .. ni kedai tu pandai2 ganti... but then since dia dah pasang aku malas nak gaduh la.. kalau ikutkan mana boleh macam tu.. simply kau je nak ganti.. kalau free takpe la.. macam mana kalau logo tu somebody kasi ke or simply aku nak preserve as most antique car. Not everything must be new.. tawkeh!

RM28 untuk lampu depan belah kiri yang pecah.. tu pun sama aku tak bagitau suruh ganti.. aku ada plan nak pi Brothers saja tukar. But this one OK kot. Cuma aku tak survey la tempat lain kan tengok harga.. kot2 lagi murah.

I'm thinking of tukar power window belah kiri punya rotor since jammed kerap sangat, especially kalau aku turunkan abis langsung tak boleh naik! Kalau hujan ke apa kan naya je. Aku tanya harga kat situ RM110.. before minyak naik dulu aku buat kat Pe…
Image
Kucing betul (meow 10x)




Balik kampung ada kucing... then geletek kucing pastu baru kasi makan.. hoho..
Image
Keta spare + reban ayam bergerak






Aku hantar keta satria aku pergi ketuk+cat satu body... RM1600 hengget. Then kedai tu janji nak kasi keta spare (aku dah agak la keta cabuk).. so aku ikut pomen tu pergi ampang.. dekat rumah tunang aku.

Then sampai sana aku tengok dia kasi keta saga aeroback.... dia punya wiper dan lampu switch ko tau guna pulas macam radio tu.. damn serious aku tak penah tengok..

Yang paling jijik dinding luar keta tu penuh taik burung... so aku sabor je.. then aku bawak balik keta tu dari ampang... trafik jem la plak.. sampai depan sket dari flamingo.. dang!!!!! enjin berenti.

Aku bengang betui... so aku takde plak nombor cawangan bengkel tu kat taman melati.. so aku check resit aku dulu-dulu dalam wallet.. takde nombor tepon!!!!

Last-last dah dekat 1/2 jam aku call tunang aku mintak dia pergi bengkel tu kasi tau aku tersadai kat MRR2... mula2 lane tengah tu.. nasib la trafik jem.. then aku tolak keta tu kat tengah2 susur masuk dari flamingo dan MRR2.. lepak situ.. just i…
Kucing

MEOW


MEOW
MEOW
MEOW
MEOW
MEOW


MEOW
MEOW
MEOW
MEOW


CLICK HERE... IT IS GROSS!
Image
Usenix papers for HotSec 2008



I just checked on this.. you can download the papers here
Am I really fit to that_great_school

Response from one prof that I emailed:
Hello,

I am no longer taking PhD students in the area of security. My suggestion is
that you apply toPurdue, Dartmouth, George Mason, Johns Hopkins.

Best wishes on your education.
--prof

Oh boy!
Coming soon

Thank you very much for interest in our program.
congratulation , your paper entitled:

1. Effective Malware Analysis with Nepenthes

has been accepted and approved by our committee to present for our
conference.

as for the presentations , shall you have any
notes/handouts(ie:power point slides) to be distributed, please submit to
us at least a day before the actual presentation day for preparation.

to remind you, the fee for each paper is RM650.00 payable on the
registration day.

thank you very much and congratulation again


------------------------------
MyEduSec 2008
Striving Towards Secured Information
http://www.udm.edu.my/myedusec/2008/
KDE revisited

I just went through bulks of my previous papers and what not and I found my previous writings on KDE localization, and presentation slides. I edited few old stuffs (such as email, because it was not being used anymore.. and also updated the blog address). The rest just remain, including my English level at that time.

If you have time to read, or simply just want to read it then you refer here:

KDE to Malay report [pdf]

KDE to Malay presentation [converted to pdf]
Libang-libu (the lemma of choices)

Don't ask me what it meant, it just words that I think it fun to put as my topic today.

I am pretty much snowed under with tremendous workload ... teaching 3 sections with ~120 students, meetings, seminars in the workplace.. and what not. Alas, I'm not forgetting my pursuit for Phd ... despite I'm worrying whether I'm on par with the rest of the CS scientist (wannabe).

Thinking about go to States, looking that_many people from Asia going there, and lotsof them even become the faculty members. Not I'm thinking to become like them(though I admit it is kinda pride working as a faculty member in a place where CS was borned). Now that one thing I don't really like about applying to States is that you_have_to_spend_USDs_for_just_applying.

Unlike applying for .AU, where you just simply go to IDP, and send your letters, etc and *they will take care most of the stuffs for you for FREE*...

If I'm applying for States, means I've to si…
Image
Get me out of here



Pretty much a joke
API Hooking

Ok, I admit it. I stumbled to these words once I read literatures on CWSandbox from Mannheim. Since in Nepenthes we can simply send the newly fetched binaries to the sandboxes, I was like triggered to know what was executed behind them.

The method being called as API hooking. The other similar solution being used by Joebox, developed by postgrad student from Switzerland.

Anubis from Vienna in the other way around use QEMU ... but if you google around you will see there is one paper written by Symantec researcher refuting on the usage of virtual machines.
Musing

Since I got this tiny meenie D430 Lattitude now I always "read" downloaded PDF files while I rest on the sofa, or simply on the floor back home.

Usually I checked for Mannheim PDF reports... seems they actively put their research works for e.g in the recent DIMVA 2008 . Apart from that UC Davis, or some other institution which have works on botnet/malware countermeasure, honeypot/net, security visualization (just recently since Bro Adli point it out) .. etc.

I'm hardly to understand cryptographic stuffs due to several reasons..though I already took it once. It seems very theoretical which some other geeks might find that interesting, but not me. Usually I'll focus on the application part... but of course who knows I'll find the love on cryptography soon.


Interesting Computer/Network Security Paper Links

Usually I just marked by FF bookmark, or just tag with Delicious add on. Now I think I want you guys to read this and comment them out. A lot, by Dawn Song of Berkeley.

click here
Image
Afterglow visual from Amun sensor

Splendid, awesome.. whatever....!



sourcefile
dotfile
csvfile
Lynis rootkit detector

I just tried Lynis, a pretty cool tool developed by a Netherlands security evangelist. Nice ...

The checking is pretty thorough.. I think neater compared to rkhunter and chkrootkit.
From Aachen to Mannheim

Well, it seems the Germanians did pretty good job on the lightweight honeypot. I just stumbled to the Thorltz's blog, and it seems that I missed something. Yet another honeypot.. amun!

Download here

Written in Python, I just got it work in seconds, prior to that you've to install python-psycho module.

See, the verbose output:

.::[Amun - Decoder] compiling siegburg xor decoder ::.
.::[Amun - Decoder] compiling plain1 shellcode ::.
.::[Amun - Decoder] compiling plain2 shellcode ::.
.::[Amun - Main] ready for evil orders: ::.
Among the services (mixed with my valid ssh service)

21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
42/tcp open nameserver
105/tcp open csnet-ns
110/tcp open pop3
135/tcp open msrpc
139/tcp open netbios-ssn
143/tcp open imap
443/tcp open https
445/tcp open microsoft-ds
554/tcp open rtsp
587/tcp open submission
617/tcp open sco-dtmgr
623/tcp open unknown
631/tcp open ipp
1023/tcp open netvenuechat
1025/…
Image
It's so 2000

I bought my first very own desktop PC when I was in my undergrad.. this machine.. still rock on.. doing some funny stuffs. Now part of it already being replaced... new CPU.. new graphic card.. new AC device(I replaced them twice, of course since they're broke already).. and new motherboard(not so new.. I guess it's around 2004). Perhaps the only artifact if I can call them are my Philips 15" monitor and the Low Yat rock solid casing (perhaps, legacy serie).


Well, the other part is my laptop.. that's the other new machine.. just 2 years back(almost) and at that time it wasn't el cheapo you know.. RM4,399 (this including the Shell's Petrol Card cost around RM300 voucher). So it's around RM4,100 (USD1500). Not so cheap at that time as well. The stressed part nowadays with the less costs I can get dual core machine.. LoL.

This old machine now running the Nepenthes sensor.. emulating few virtual nodes.

Next part is my D-Link 5 ports Ethernet switch…
Phd Phone Interview

I was interviewed by Dr Maria Papadaki from Plymouth Univ, UK regarding my Phd application. There were several Malaysians, and my officemate is doing her research phd there as well.

It took for about 45 minutes to discuss things related to the research, the process, funding etc. At first I forgot that UK is included in country which uses DST for their time. Somehow the discussion was OK, but of course given the communication distance, there was jitters.

Reminded me to Maxis's ad where people only yelled GOAL after a shortwhile. Same goes .

Hopefully I'll get conditional offer, prior to taking IELTS. Now that I can't confirmed the place, there's possibility of going places taking GRE/TOEFL, though it's tough.

Are you the like of taking *hard* problem as breakfast?
Reply for previous Purdue/CERIAS admission's pos

taken from here

Since the commenter using blogger's profile but I can't access his blog, this Prof might suits the profile > here

What an honour to have his visit to my lair here.. anyway this were his words:

All students are charged an application fee to help cover processing costs. As it is, there are many thousands of applications to the university each year.

Applications for grad programs at Purdue are considered by committees of faculty. They look at issues such as transcripts of grades, quality of undergrad program, the student essays, and especially the recommendations. Scores on tests are examined -- especially TOEFL -- and some departments look at GRE scores.

The admissions committee picks the students who the committee believes will do well in the program. If there are more qualified candidates than there are positions in the incoming class, then the students are ranked by the committee and the top ones taken to fill …
hmm... in my dreamm..!

The admission committee makes the decision in October
for spring admission
and in January for fall admission for applicants
who have submitted their
applicaiton.
You must decide on your own whetherto apply
or not.
Make sure you met the admission requirements
listed here:


Regards,
R


----------------------------------------
R
Department of Computer Science
Lawson Computer Science Building
Room 1137 B
Purdue University
305 North University Street
West Lafayette, IN 47907-2107
USA

Phone: (765)494-xxxx
Fax: (765)494-xxxx
E-mail: xxx@cs.purdue.edu
www.cs.purdue.edu/academic_programs/graduate


-----Original Message-----
From: me
Sent: Wednesday, June 25, 2008 6:25 AM
To: R
Subject: Re: Phd in CS/Cerias

Hello, I would like to know how do you select the students,
since I've to
pay USD55 for the application-so I've to be sure that
chances probability
to get in.

I ask this since CERIAS did not require GRE results
for admission, but it
seems that the it received quite a number
of applications.

If I got…
Image
[nepenthes] Using Anubis Python script

We can use this python script to automate/mocking the automated submission triggered by Nepenthes...


root@nuvox:~/binaries# ./submit_to_anubis.py * -e mailaku @ gmail.com
Successfully submitted the sample.
Get the task result at http://analysis.seclab.tuwien.ac.at/result.php?taskid
=f474d3ae50475c6451031f37d2d283fd
Successfully submitted the sample.
Get the task result at http://analysis.seclab.tuwien.ac.at/result.php?taskid
=357c926ee5bfeb6471185f4fb403b55c
Successfully submitted the sample.
Get the task result at http://analysis.seclab.tuwien.ac.at/result.php?taskid
=0c75b6d90af30124155cf3c69cce504b
Could not submit the sample.
Successfully submitted the sample.
Get the task result at http://analysis.seclab.tuwien.ac.at/result.php?taskid
=fd7ca9e064aef6d499121a4956a2d9fa
Could not submit the sample.
Could not submit the sample.
Successfully submitted the sample.
Get the task result at http://analysis.seclab.tuwien.ac.at/result.php?taskid
=639c177e1ee45b44e1a472b9…
Image
[nepenthes] Screen shot of hex dumps

[nepenthes] Emulating physical nodes

Since the higher number of sensor we get, the huge coverage of outbreak we can cover, so I opt to choose the Neil's and his pal way of doing things:

for i in `seq 230 254`;do ip addr add X.X.X.$i/24 brd + dev eth0;done

This of course just cover the range of X.X.X.230 until X.X.X.254 .

Still finding method to simulate say 10,000 nodes since IPv6 address will be fine. Nobody really use ipv6 here, I guess.

Run, ip add show

You should see things similar like this:

1: lo: mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000

inet X.X.X.139/24 brd X.X.X.255 scope global eth0
inet X.X.X.230/24 brd X.X.X.255 scope global secondary eth0
inet X.X.X.231/24 brd X.X.X.255 scope global secondary eth0
inet X.X.X.232/24 brd X.X.X.255 scope global secondary eth0
inet X.X.X.23…
Image
[darknet-cymru] meet ryan conolly







I volunteering myself in any way for Cymru's Darknet Project. Actually before I attended Ryan's talk in Westin Hotel Imbi, I already read about the Cymru, IMS and CAIDA stuffs but hardly to get the picture. Now that since Ryan replying my emails and why not for a meetup.

So I asked Sharuzzaman to accompany me and we met just 11am this morning. Wow, it lasts around 3 hours, as if there was a business negotiation (laugh). Ryan nicely shared his experiences and darknet's implementation stuffs.

So I offered him whether it's possible for educational JV and why not for a "academic" talk on Darknet/security advosaries stuffs. Hope you'll arrive here in Gombak, I'll arrange a slot for, if possible. Students would be happy then.

Script to create and resize to 640x480 resolution that I used for pix above:

for i in *.jpg;do convert -size 640x480 -font helvetica -fill white -pointsize 16 -draw 'text 10,550 "Meeting with Darkn…
[clamav] submission added

source

Submission-ID: 3571791
Sender: me
Added: Trojan.Kolabc.BFY
Virus name alias:
Net-Worm.Win32.Kolabc.bfy (Kaspersky AVP)
[clamav] Submission not added

source

Erk.. somebody else already made it.

Submission-ID: 3026528
Sender: me
Submission notes: Already detected as Worm.Kolab-284
Added: No
Virus name alias:
Net-Worm.Win32.Kolabc.sd (Kaspersky AVP),
Trojan.Packed.470 (Drweb),
Packer.XComp.A (Bitdefender)
Image
[nepenthes] New binary notification

Description Risk Autostart capabilities: This executable registers processes to be executed at system start. This could result in unwanted actions to be performed automatically. Changes security settings of Internet Explorer: This system alteration could seriously affect safety surfing the World Wide Web. Joins IRC Network: The executable connects to an IRC network, most probably functioning as a zombie in a botnet. Performs Address Scan: The executable scans a range of IP Addresses. In most cases these scans identify more potential vulnerable targets.

The analysis of your file is finished.
You can find your report at http://analysis.seclab.tuwien.ac.at/result.php?taskid=81e…
[CWsandbox-mannheim and nepenthes]

Just this morning I was being alerted by the email sent by CWsandbox-mannheim. At last I received analysis email from them. It seems that one of these malwares which they analyzed considered *known* already since I already sent the binary manually to ClamAV:

click here

analysis details for Sdbot-8639 <-- just wondering where the rest 5 binaries' report..shouldn't they being analyzed as well?

analysis from different AV vendors




[clam-av and nepenthes]

Sharuzzaman mentioned to me that instead of using virustotal, we can help clam-av (which however given on Windows, I prefer to use AVG since Clam-av definition considered pretty much obselete), to update clam-av's virus definition. However, if you refer to my previous post, AVG on Linux detect less malware compared to Clam-av.

This is awesome! Means that, the new malware that I got from the junkyard in /var/lib/nepenthes, given it was/*they were* signaled by Clam-av as "OK" I must send them straight away. (Well, if you have spare time. Consider this as your social community service ;) ).

Though the submission per person restricted only up to TWO files only, you can manually email the personnel to send more than that.

Interested to help? Send using this form

Sample submission report (both malware accepted), click here

Submission-ID: 3434478
Sender: nama aku
Added: Trojan.SdBot-8639
Virus name alias:
Net-Worm.Win32.Kolabc.aws (Kaspersky AVP),
Packer.XComp.A (B…
[nepenthes] scanning with AVG

root@nuvox:/var/lib/nepenthes/binaries# ls -l
total 280
-rw-r--r-- 1 nepenthes nepenthes 41928 2008-06-09 07:43 0c6734accaf1d500a388f690a1ef3a76
-rw-r--r-- 1 nepenthes nepenthes 41928 2008-06-05 20:16 381dd5ff2ef3993bd92923626ee7948a
-rw-r--r-- 1 nepenthes nepenthes 51664 2008-06-04 14:03 3d39a29913a2fe54009d491b89b01ab4
-rw-r--r-- 1 nepenthes nepenthes 41936 2008-06-03 11:04 8e072862754ef6e80831d2fd50376b43
-rw-r--r-- 1 nepenthes nepenthes 41928 2008-06-02 16:38 ba106399aad8b515319f52fac4794a73
-rw-r--r-- 1 nepenthes nepenthes 51664 2008-06-02 16:00 c2f699282a7a16ecf554cfbaa2724204

root@nuvox:/var/lib/nepenthes/binaries# avgscan *
AVG7 Anti-Virus command line scanner
Copyright (c) 2007 GRISOFT, s.r.o.
Program version 7.5.51, engine 442
Virus Database: Version 270.0.0/1491 2008-06-09
License type is TRIAL for WORKSTATION.
Number of days to expiration: 30
3d39a29913a2fe54009d491b89b01ab4 Virus found Win32/Virut
c2f699282a7a16ecf554cfbaa2724204 Virus found Win32/Virut
Tes…
[nepenthes] New malware coming in

I just wondering why my ClamAV did not detect the fetched malware as "malware", instead just OK. But then since nepenthes already classified it as "suspicious binary".. and why would a binary being sent to my honeypot anyway?

I also create a cron job to ensure that ClamAV updates its definition, sixth times per day.

This is the first time I was being alerted by the malware submission after I enabled the submit_norman.so line.

my very own 1st automated malware submission

The other links was being redirected to joebox.. it just shows this stuffs along with the zip file contains reports of the analyzed malware:

The attached zip document contains all kind of behaviour information which Joebox has detected.
Please note that Joebox currently only analyse file system, registry system and process system behaviour.
Analysis information about network, services and thread activities will be added in the next months.
The analysis machine which executes…
[nepenthes] submit_norman.conf config file

This was sent by Lucas

submit-norman
{
// this is the address where norman sandbox reports will be sent
email "email_aku gmail.com";
urls

("http://onlineanalyzer.norman.com/nepenthes_upload.php",
"http://luigi.informatik.uni-mannheim.de/submit.php?action=verify",
"http://147.86.135.178/joeboxservlet/submit",
"http://anubis.iseclab.org/nepenthes_action.php");
};
[Nepenthes] GOT CHA!

Living in protected LAN.. I thought I am pretty safe.. not so! I rarely checked my nepenthes /var/lib until today.. after I upgraded my Ubuntu Gutsy to Hordy... wooow...

root@nuvox:/var/lib/nepenthes/binaries# ls -l
total 192
-rw-r--r-- 1 nepenthes nepenthes 51664 2008-06-04 14:03 3d39a29913a2fe54009d491b89b01ab4
-rw-r--r-- 1 nepenthes nepenthes 41936 2008-06-03 11:04 8e072862754ef6e80831d2fd50376b43
-rw-r--r-- 1 nepenthes nepenthes 41928 2008-06-02 16:38 ba106399aad8b515319f52fac4794a73
-rw-r--r-- 1 nepenthes nepenthes 51664 2008-06-02 16:00 c2f699282a7a16ecf554cfbaa2724204


Lemme check...!

Doesn't seems that it is clean as expected

root@nuvox:/var/lib/nepenthes/binaries# clamscan *
3d39a29913a2fe54009d491b89b01ab4: W32.Virut.ca FOUND
8e072862754ef6e80831d2fd50376b43: Trojan.DsBot-15 FOUND
ba106399aad8b515319f52fac4794a73: OK
c2f699282a7a16ecf554cfbaa2724204: W32.Virut.ci FOUND

----------- SCAN SUMMARY -----------
Known viruses: 306262
Engine version: 0.92.1
Scanned directories…
Phd Quest? :=p

It's royal pain in the back (weh, it should be harsher). Sent e-mails to the prospective supervisor.. asking for updates..

Edith Cowan Univ: My friend said better go for public univ in Western AU.. but I did checked in Wiki ECU is a public univ.. well said, since ECU having good time doing research in network security... asked and the Dr said please apply..

Victoria Wellington: NOT YET!

RMIT:
Dear mnajem,
Sure.... I am happy to supervise you.
Have you already applied to
RMIT International?
As you will starting in next year,
it would be great to do some
english courses for reading and writing,
even if you have a good IELTS.

I am currently a research project in the area
of security in "X"
systems (with other schools - Engineering and Maths),
sponsored by
the university.
It involves the protection of entreprise//"X"
networks again all the various attacks.
IDS are one of the
techniques, but there are other ones.The security researchers in RMIT did pretty much VERY Q…
Nice Updates

-I'm in the office of Deputy Dean Student Affair now. For some unknown reason I was being appointed. Work as usual.

-Will attend marriage course this week.. pfft I chose to go outside which worth RM80 because I'm too shy for RM20 course provided along with the student. Well, you know, I might get my face red ... blushing haha.

-For the Phd Quest(as what Usin said), yesterday Dr Colin told me he will ask for Dr George Mohay consideration for my application... hopefully I can get the answer faster. Victoria Wellington still yet to answer my email.. be patient.

To my fellow friend, I'll be happy if you can come to my hometown in Perak.. ;)


(Well, just wondering who'll drop to my blog anyway.. the traffic feeds seems so busy but hardly to get my writings commented)

EOF.


Adegan aku yang sengal

apsal takde network ni?
cuba ping.

ping google.com . takde pun?

hmm hmmm apsal tgk dalam icon eth connection takde lampu berkelip pun.. NIC card punye lampu pun tak berkelip.



tgk2 mcm ada benda pelik berlaku..... aa aa.. oo rupanya tercabut plug wayar d-link switch 5 port ku.. ee ee ee.. ingat tadi plug tu untuk speaker.


---aku malu sendiri bwahahahak.. nasib kantui dalam bilik sorang2 je