Tillmann Werner

May 24, 2010

Waledac’s Anti-Debugging Tricks

The last spreading malware version of Waledac, a notorious spamming botnet that has been taken down in a collaborative effort lead by Microsoft earlier this year, […]
February 19, 2010

Dissecting the SotM Attack Trace Pcap

Hi everybody, our first Scan of the Month Challenge in 2010 is over! We received 91 submissions in total, and some parts of the solutions are […]
August 9, 2009

Native Language Spam

Today I received a spam email from “Sicherheits-Center” (“security center”) with subject “Vorsicht! Ihr Paypal-Konto wurde begrenzt!” (“Attention! Your paypal account has been restricted!”). Not only […]
July 10, 2009

Conficker.A going down?

Conficker contains a piece of code that has been object of speculation: It does not infect boxes located in the Ukraine. Before sending an exploit, it […]
June 8, 2009

nebula – Client library and revised signature segment selection

    One project mentored by the Honeynet Project during GSoC aims at improving nebula, an automated intrusion signature generator. There are two critical components in the […]
April 15, 2009

Simple Conficker Scanner v2

Today we released version 2 of our Simple Conficker Scanner (SCSv2). It contains a new scanning method which allows for detection of machines infected with the […]
April 2, 2009

Conficker Online Detection

Joe Stewart from the Conficker Working Group has created an eye chart that allows for online identification of Conficker B and C infections. The idea of […]
March 30, 2009

Detecting Conficker

As you know, bad things are going to happen on April 1st: people will be sending out emails to their friends, telling silly jokes and putting […]
November 4, 2008

MS08-067 exploitation in the wild

(This article was originally published at http://honeytrap.mwcollect.org/msexploit.) If you followed IT security related blogs or mailinglists lately, you are aware that a critical server service vulnerability […]