Malicious File names of the day

OK, so today is Saturday. And what is a nice thing to do on a sunny morning? Yes, play with honeypot logs! :)

What follows is a list of filenames used by downloaded/dropped malware. The list consolidates data from the last month until today and is sorted by appearance:

wupdate.exe
scricon.exe
sysinfo.exe
winlolx.exe
binlw.exe
updetwinds.exe
windsservc.exe
asa.exe
windervs.exe
first.exe
ne1.exe
msv.exe
Iexplorer.exe
upgrad.exe
windowz.exe
sysmsgr32.exe
dload.exe
updetwind.exe
KBX.exe
Iexplare.exe
f1r5st83.exe
bling.exe

And what could you do with such a list? Of course it will not replace your AV, but you could use it as a feed for a script that looks for those (uncommon) filenames on your machine(s) :)
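One way to write such a script, as an added example that is not part of the original diary: it loads a name feed, walks a directory tree, matches base names case-insensitively (as Windows does) and records size and SHA-256 for each hit so it can be triaged beyond the name alone. The function names, the `FEED` constant (three names taken from the list above) and the demo directory tree are assumptions made for this example.

```python
import hashlib
import os
import tempfile

# Feed text, one name per line: three names from the list in this diary.
FEED = """\
wupdate.exe
Iexplorer.exe
windowz.exe
"""

def load_feed(text):
    """Return the set of case-folded names; blank lines and '#' comments are skipped."""
    lines = (l.strip() for l in text.splitlines())
    return {l.casefold() for l in lines if l and not l.startswith("#")}

def sha256_of(path, chunk=1 << 16):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def scan(root, names):
    """Return sorted (path, size, sha256) for files under root whose base name is in names."""
    hits = []
    # onerror swallows unreadable directories so one denied folder does not stop the sweep
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for fname in files:
            if fname.casefold() not in names:
                continue
            path = os.path.join(dirpath, fname)
            try:
                hits.append((path, os.path.getsize(path), sha256_of(path)))
            except OSError:
                hits.append((path, None, None))  # locked or unreadable: still report the name
    return sorted(hits)

def demo():
    # Constructed directory tree with harmless placeholder files (assumption of this example)
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Temp", "sub"))
        for rel in ("Temp/WUPDATE.EXE", "Temp/sub/windowz.exe", "Temp/notepad.exe"):
            with open(os.path.join(root, *rel.split("/")), "wb") as fh:
                fh.write(b"constructed sample, not malware")
        found = scan(root, load_feed(FEED))
        return [(os.path.relpath(p, root).replace(os.sep, "/"), s, d) for p, s, d in found]

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A name match is only a lead: a legitimate file can share a name with an entry in the feed, so the recorded hash and path are what to check next.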

Update:

A reader sent a list of what he got last week:

h3110.411
it.exe
ssms.exe
stacture.exe
wgl23.exe
winldr.exe

 

 

------------------------------------------------------------------------

Handlers on Duty: Pedro Bueno ( pbueno //&&// isc. sans. org)
