
Harold F. Tipton and Micki Krause

"Information Security Management Handbook, Sixth Edition, Volume 2"


Table 4.2 (Continued)

Submitted samples are analyzed in their respective sandboxes and the results are e-mailed back to the submitter. The sample is placed in the sandbox, in a virtual environment, and executed. The sandbox records all files opened, all connections attempted, and all files that the malware attempts to download.

Sandbox analysis can provide C&C server IP addresses or DNS names, bot channel names, user IDs and passwords, download sites for malware, scanning software, spam templates, lists of e-mails, and download package names.

Fiddler

Developed by Microsoft as part of the Strider project. Fiddler is a Web browser proxy that records, for analysis, the Web sites through which a browser is redirected when a site is visited and the actions taken during each visit.

Can reveal Web sites that upload malware as well as the structure of sites involved in search engine spam.

Google searches

A method for discovering Web vulnerabilities using search engines. It was popularized by the book Google Hacking for Penetration Testers, by Johnny Long. Two useful examples:

(1) Use the search phrase "phpbb site:" to find phpBB sites. Check these sites for evidence that they have been abandoned by users and taken over by spammers.

(2) Use the search phrase "phentermine site:" to locate Web sites that may have been co-opted by spammers to sell the popular diet pill.
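As an added example (not from the handbook), the script below shows how an analyst might sort the event trace a sandbox returns into the indicator classes the table lists for sandbox analysis: C&C servers, bot channel names, user IDs and passwords, download sites, and dropped files. The one-event-per-line format and the sample trace are constructed for illustration and do not correspond to any particular sandbox product.

```python
import re
from collections import defaultdict

# Constructed sample of a sandbox event trace (one event per line).
# Hosts use documentation/example ranges; this is not real malware output.
SAMPLE_TRACE = """\
file_open C:\\Windows\\System32\\svchost.exe
file_write C:\\Users\\victim\\AppData\\Roaming\\update.exe
connect tcp 198.51.100.23:6667
irc_send NICK bot-0042
irc_send JOIN #ctrl-room secretpass
connect tcp cdn.example.net:80
http_get http://cdn.example.net/payload/scanner.exe
http_get http://cdn.example.net/tpl/spam1.html
"""

CONNECT = re.compile(r"^connect \w+ ([^:\s]+):(\d+)")
IRC_NICK = re.compile(r"^irc_send NICK (\S+)")
IRC_JOIN = re.compile(r"^irc_send JOIN (\S+)(?: (\S+))?")
HTTP_GET = re.compile(r"^http_get (\S+)")
FILE_EVENT = re.compile(r"^file_(open|write) (\S+)")

def triage(trace: str) -> dict:
    """Group sandbox events into the indicator classes named in Table 4.2."""
    found = defaultdict(list)
    for line in trace.splitlines():
        if m := CONNECT.match(line):
            host, port = m.group(1), int(m.group(2))
            # 6667 is the conventional IRC port, the classic bot C&C transport;
            # anything else is kept separately for the analyst to review.
            found["cc_servers" if port == 6667 else "other_connections"].append(host)
        elif m := IRC_NICK.match(line):
            found["bot_user_ids"].append(m.group(1))       # user ID the bot registers
        elif m := IRC_JOIN.match(line):
            found["bot_channels"].append(m.group(1))       # bot channel name
            if m.group(2):
                found["channel_passwords"].append(m.group(2))
        elif m := HTTP_GET.match(line):
            found["download_sites"].append(m.group(1))     # malware/spam-template downloads
        elif m := FILE_EVENT.match(line):
            found[f"file_{m.group(1)}"].append(m.group(2)) # files opened / dropped
    return dict(found)

if __name__ == "__main__":
    for category, items in triage(SAMPLE_TRACE).items():
        print(f"{category}: {items}")
```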

