Hacking The Dead Cow

In the annals of computer “(in)security,” few groups are as well known as the
Cult of the Dead Cow (cDc).

They are now adding a new chapter to their
infamous history with the release of a new malware search engine that
enables researchers to analyze over 31,000 “hostile” files.

It’s all part of
an effort the cDc calls “offensive computing.”

Originally founded in 1984, cDc and its members are well known for a number
of their efforts over the past 22 years.

Perhaps most notable is their Back
Orifice application, which debuted in 1998 as a network backdoor that enabled full remote control of a system,
including processes, passwords and the file system (essentially a first-generation
Trojan).

Back Orifice was updated in 2000 as BO2K and is currently
maintained as an open source project on the SourceForge.net code repository.

In cDc’s new offensive computing strategy, the group is turning its skills
toward hacking malware.

Part of the effort is the malware search engine,
which is geared toward increasing the knowledge around malware to better
improve detection and removal.

There is
also a relationship between the malware search effort and the one hatched last month by H.D. Moore, of Metasploit fame, which uses Google to find malicious
code.

“We use Google from time to time, and we worked with H.D. Moore on his Google
malware search project,” Val Smith, a cDc member and part of the offensive computing effort, told
internetnews.com. “We provided him signatures to search on.”

Smith explained that his group has written some code to do auto analysis of
malware.

“People upload it directly to the site, or provide me with archives
over e-mail, and then we load it into our auto analyzer,” Smith said.

“Once
the analysis is done, that data gets put into the database which people can
search. We have large collections of malware sitting around waiting to be
bulk processed.”

Access to the offensive computing malware search requires user registration,
though only a valid e-mail address is required for the registration.

While most of the major AV vendors, including McAfee, Symantec, Panda Labs,
Sophos and others, provide online libraries of vulnerabilities, there are a
few things that offensive computing provides that the commercial vendors do
not.

For one, offensive computing provides downloadable samples of the malware in
question.

It also includes a clear warning to users: “This site contains
samples of live malware. Use at your own risk.”

This article was first published on Internet News, a JupiterWeb site.

Sean Michael Kerner
Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.
