Comments on: Dumb Malware Authors Cause More Damage Than Smart Ones http://blogs.mcafee.com/mcafee-labs/dumb-malware-authors-cause-more-damage-than-smart-ones Tue, 29 Nov 2011 07:51:20 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Diego Carvalho http://blogs.mcafee.com/mcafee-labs/dumb-malware-authors-cause-more-damage-than-smart-ones/comment-page-1#comment-24257 Diego Carvalho Fri, 30 Oct 2009 19:50:53 +0000 http://www.labs.com/research/blog/?p=1795#comment-24257 Hey Pedro, Who is the dumbest, the good (smart) malware coder ou the bad (dumb) one? Hey Pedro,

Who is the dumbest, the good (smart) malware coder ou the bad (dumb) one?

]]> By: jon http://blogs.mcafee.com/mcafee-labs/dumb-malware-authors-cause-more-damage-than-smart-ones/comment-page-1#comment-24247 jon Fri, 12 Jun 2009 18:59:55 +0000 http://www.labs.com/research/blog/?p=1795#comment-24247 lolo i want to find this pws sample to study it lolo i want to find this pws sample to study it

]]> By: darkmoon http://blogs.mcafee.com/mcafee-labs/dumb-malware-authors-cause-more-damage-than-smart-ones/comment-page-1#comment-24246 darkmoon Fri, 12 Jun 2009 14:33:28 +0000 http://www.labs.com/research/blog/?p=1795#comment-24246 That might be the case, but it also makes tracking a lot easier. It's the ones that know how to obfuscate their data that make tracking them challenging, but also frustrating if they're very good at what they do. So it kind of plays in both sides. Yes, that's bad coding. While it's not a feat of genius, I would rather them being dumb than smart and cause some serious damage. That might be the case, but it also makes tracking a lot easier. It’s the ones that know how to obfuscate their data that make tracking them challenging, but also frustrating if they’re very good at what they do.

So it kind of plays in both sides. Yes, that’s bad coding. While it’s not a feat of genius, I would rather them being dumb than smart and cause some serious damage.

]]> By: Erik http://blogs.mcafee.com/mcafee-labs/dumb-malware-authors-cause-more-damage-than-smart-ones/comment-page-1#comment-24245 Erik Fri, 12 Jun 2009 07:48:49 +0000 http://www.labs.com/research/blog/?p=1795#comment-24245 Very interesting! The latest version of NetworkMiner (0.88) can extract SQL credentials directly from a pcap or by sniffing data. Have you tried sniffing the traffic from the PWS-Banker.gen.i with NetworkMiner to extract the SQL credentials used by the worm? It would probably be a simple thing to do for people at home… Just sniff your network with NetworkMiner while doing your banking, then watch the “Credentials” tab in NetworkMiner to see if someone has stolen you credentials and posted them elsewhere. Network Miner is available here: http://sourceforge.net/projects/networkminer/ Very interesting!

The latest version of NetworkMiner (0.88) can extract SQL credentials directly from a pcap or by sniffing data. Have you tried sniffing the traffic from the PWS-Banker.gen.i with NetworkMiner to extract the SQL credentials used by the worm?

It would probably be a simple thing to do for people at home… Just sniff your network with NetworkMiner while doing your banking, then watch the “Credentials” tab in NetworkMiner to see if someone has stolen you credentials and posted them elsewhere.

Network Miner is available here:
http://sourceforge.net/projects/networkminer/

]]>