CastleCops, Internet Crime Fighters
Need help? Click here to register for free! Absolutely zero advertisements on this site!

$9736.22 of $21422.68
left sidedonated so farneed $11686.46 donated to reach our goalright side, our goal
Help CastleCops serve the community on new servers, Donate Here to reach our goal.

Donation/Premium
spacer
Donations. Become Premium Today! Premium Icon
block bottom
Security Central
spacer
· Home
· PIRT/Fried Phish
· MIRT
· SIRT
· Deutsch
· Wiki
· Newsletter
· O16/ActiveX
· CLSID List
· Contest2007
· Downloads
· Feedback (send)
· Forums
· HijackThis
· Hijacktrend
· LSPs
· My Downloads
· O18
· O20
· O21
· O22
· O23
· O9
· Premium
· Private Messages
· Proxomitron
· Reviews
· Search
· StartupList
· Stories Archive
· Submit News
· WsIRT
· Your Account
· Acceptable Use Policy
block bottom
Survey
spacer
Was 2007 a good year?

Yes it was a wonderful year
Yes, but there is always room for improvement
Status quo
It was a challenge
Other (leave comment)



Results
Polls

Votes: 952
Comments: 28
block bottom
spacer spacer
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Login to check your private messagesLogin to check your private messages   LoginLogin   Your Favorite ForumsSelect FavForums 

New Malware Listserv Forum for MIRT Samples

 
Post new topic   Reply to topic       All -> FavForums -> Unknown Files [del.icio.us!] [digg it!] [reddit!]
View previous topic :: View next topic  
Author Message
Paul

CastleCops Founder


Joined: Feb 22, 2002
Posts: 27351

Administrators Firetrust Forums Admin MIRT Moderators MVP Phishing Squad Premium Team CC Committee

PostPosted: Sun Nov 12, 2006 7:49 pm    Post subject: New Malware Listserv Forum for MIRT Samples
Reply with quote

Folks, nosirrah had a brilliant idea of creating another forum just for mirt handler sample attachments:

CastleCops Link/f269-Malware_Listserv.html

All subsequent MIRT handler posts will be there, and then sent out across the wire periodically.

This means the current unknown files forum will continue to be used as before, by anyone who wants to submit an unknown file. In that case, the posts won't get lost and will be attended to by mirt handlers, security experts, et al.

Thank you all.


_________________
Paul Laudanski - http://www.laudanski.com
http://www.linkedin.com/pub/1/49a/17b
Back to top
View users profile Send private message Send email Visit posters website
TonyKlein

Site Moderator
Microsoft MVP

Joined: Oct 15, 2002
Posts: 13114
Location: Netherlands
MIRT Moderators MVP Premium Security Experts

PostPosted: Sun Nov 12, 2006 7:54 pm    Post subject:
Reply with quote

I think I'm starting to lose track of how things work here... LOL!

One question: are all files uploaded in the Unknown Files forum now automatically forwarded to all developers, if they're confirmed malware?


_________________
Tony image CLSID List
Back to top
View users profile Send private message
PCBruiser

SRT Team Lead
SRT Team Lead
Forums Admin

Joined: May 11, 2005
Posts: 11723

1st Responder Mentors 1st Responders Forums Admin MIRT Moderators Premium Rootkit Experts Security Experts SRT Team CC Committee

PostPosted: Sun Nov 12, 2006 7:55 pm    Post subject:
Reply with quote

Paul, would you like me to move all the applicable threads over to the new forum?

Edit: Oops, I see that has already been done.


_________________
Don't read? Can't learn!
Back to top
View users profile Send private message
nosirrah

Security Expert
Special Response Team

Joined: Apr 19, 2006
Posts: 6299
Location: USA
MIRT MVP Premium Rootkit Responders Security Experts SRT

PostPosted: Sun Nov 12, 2006 8:00 pm    Post subject:
Reply with quote

MIRT handlers will evaluate what is submitted here (unknown file forum) .

The handlers will resubmit the malware samples here : CastleCops Link/f269-Malware_Listserv.html .

Twice a day samples from the new Malware Listserv will be distributed to all vendors via software Paul has coded .
Back to top
View users profile Send private message Send email
TonyKlein

Site Moderator
Microsoft MVP

Joined: Oct 15, 2002
Posts: 13114
Location: Netherlands
MIRT Moderators MVP Premium Security Experts

PostPosted: Sun Nov 12, 2006 8:03 pm    Post subject:
Reply with quote

Thank you. Now I know what not to submit to vendors myself. Smile


_________________
Tony image CLSID List
Back to top
View users profile Send private message
Paul

CastleCops Founder


Joined: Feb 22, 2002
Posts: 27351

Administrators Firetrust Forums Admin MIRT Moderators MVP Phishing Squad Premium Team CC Committee

PostPosted: Sun Nov 12, 2006 8:34 pm    Post subject:
Reply with quote

Thanks for answering Bruce. Yes Tony, we're moving to an hourly distribution, but not yet. We've got 154 subscribers to the listserv at the moment. Plus starting this week we are ftp'ing the files to three locations. There has also been requests for XML feeds.

We're going to move MIRT Handlers to a similar system as PIRT uses. But at the moment we're taking baby steps.

So developers and SEs have access to both download sections as well.

This way we can get back to using unknown files as it was used prior to MIRT, and OP logs/files won't be lost in the fray.


_________________
Paul Laudanski - http://www.laudanski.com
http://www.linkedin.com/pub/1/49a/17b
Back to top
View users profile Send private message Send email Visit posters website
TonyKlein

Site Moderator
Microsoft MVP

Joined: Oct 15, 2002
Posts: 13114
Location: Netherlands
MIRT Moderators MVP Premium Security Experts

PostPosted: Sun Nov 12, 2006 8:37 pm    Post subject:
Reply with quote

Thank you Paul. I did subscribe myself, but I gather that, as long as I'm monitoring both forums, the Listserv will not provide me with more files than the ones uploaded here.

I may just disable that List option then, as I'm getting quite enough mail already as it is... Wink


_________________
Tony image CLSID List
Back to top
View users profile Send private message
Paul

CastleCops Founder


Joined: Feb 22, 2002
Posts: 27351

Administrators Firetrust Forums Admin MIRT Moderators MVP Phishing Squad Premium Team CC Committee

PostPosted: Sun Nov 12, 2006 9:56 pm    Post subject:
Reply with quote

The listserv will be receiving the pirt malware attachments. Something the forum may not see.


_________________
Paul Laudanski - http://www.laudanski.com
http://www.linkedin.com/pub/1/49a/17b
Back to top
View users profile Send private message Send email Visit posters website
TonyKlein

Site Moderator
Microsoft MVP

Joined: Oct 15, 2002
Posts: 13114
Location: Netherlands
MIRT Moderators MVP Premium Security Experts

PostPosted: Sun Nov 12, 2006 10:13 pm    Post subject:
Reply with quote

Ah, OK...


_________________
Tony image CLSID List
Back to top
View users profile Send private message
Display posts from previous:   
Post new topic   Reply to topic       All -> FavForums -> Unknown Files All times are GMT
Page 1 of 1

 
Quick Reply:
Username: 

Quote the last message
Attach signature (signatures can be changed in profile)
 
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You cannot download files in this forum


Powered by phpBB © 2001 phpBB Group
2002-2008 © Computer Cops LLC dba CastleCops®. All rights reserved.
Acceptable Use Policy. Use signifies your agreement.
194ppm 0.305s (0.043s)
Making cybercriminals unhappy since 2002*
In Memory of Trpm
spacer spacer