
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2007-09-15



Malicious File names of the day

Published: 2007-09-15
Last Updated: 2007-09-15 17:20:00 UTC
by Pedro Bueno (Version: 1)

OK, so today is Saturday. And what is a nice thing to do on a sunny morning? Yes, play with honeypot logs! :)

What follows is a list of filenames used by downloaded/dropped malware. The list consolidates data from the last month until today and is sorted by appearance:

wupdate.exe
scricon.exe
sysinfo.exe
winlolx.exe
binlw.exe
updetwinds.exe
windsservc.exe
asa.exe
windervs.exe
first.exe
ne1.exe
msv.exe
Iexplorer.exe
upgrad.exe
windowz.exe
sysmsgr32.exe
dload.exe
updetwind.exe
KBX.exe
Iexplare.exe
f1r5st83.exe
bling.exe

And what could you do with such a list? Well, of course it will not replace your AV, but you could use it as a feed for a script to look for those (uncommon) filenames on your machine(s) :)

Update:

A reader sent a list of what he got last week:

h3110.411
it.exe
ssms.exe
stacture.exe
wgl23.exe
winldr.exe
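
One way to build the script suggested above, as an added example that is not part of the original diary. It assumes the filenames are saved one per line in a feed file; the script name, feed file and function names are hypothetical. Matching is case-insensitive, and each hit is reported with its size and SHA-256, because a name match only flags a file for review.

```python
import hashlib
import os
import sys


def load_feed(lines):
    """Normalise feed entries: strip whitespace, skip blanks and # comments, lowercase."""
    return {ln.strip().lower() for ln in lines
            if ln.strip() and not ln.lstrip().startswith("#")}


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks; return None if it cannot be read."""
    h = hashlib.sha256()
    try:
        with open(path, "rb") as fh:
            for block in iter(lambda: fh.read(chunk), b""):
                h.update(block)
    except OSError:
        return None
    return h.hexdigest()


def scan(root, feed):
    """Walk root and return (path, size, sha256) for every file whose
    basename is in the feed, compared case-insensitively."""
    hits = []
    # onerror ignores unreadable directories instead of aborting the walk
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            if name.lower() in feed:
                path = os.path.join(dirpath, name)
                try:
                    size = os.path.getsize(path)
                except OSError:
                    size = None
                hits.append((path, size, sha256_of(path)))
    return sorted(hits)


if __name__ == "__main__":
    # Usage (hypothetical script name): python scan_names.py feed.txt ROOT_DIR
    if len(sys.argv) != 3:
        sys.exit("usage: scan_names.py FEED_FILE ROOT_DIR")
    with open(sys.argv[1], encoding="utf-8") as fh:
        names = load_feed(fh)
    for path, size, digest in scan(sys.argv[2], names):
        print(f"{path}\t{size}\t{digest}")
```

Hashing each hit lets you check it against your AV vendor or a known-good baseline before acting, since short names from the list can also belong to legitimate software.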

 

 

------------------------------------------------------------------------

Handlers on Duty: Pedro Bueno ( pbueno //&&// isc. sans. org)
