Sunday, December 27, 2009

eatable SPAM

yummy.. SPAM with honey grail..

Sunday, December 20, 2009


Wednesday, December 9, 2009

Google Chrome for Linux..

Finally, after waiting and waiting.. and after reading the comics in the website i realize why..
It can be seen here

And can be downloaded here

support for Debian/Ubuntu/Fedora/openSUSE

Tuesday, December 8, 2009

Nepenthes + PHARM - SurfIDS = Test Dulu

PHARM or nepenthes pharm is a client/server tool to manage, report and analyze all your distributed nepenthes instances from one interface. Sounds interesting. Before this I developed nepenthes and OpenVPN plugin for Webmin, looking foward for nepenthes client and integrate them with SurfIDS, but I think it is the end of it :-(

(click image for larger visual)

PHARM has 3 main components:
  • Server
  • Client (Implement on nepenthe honeypot)
  • Web Portal (View data collected from sensor)
More info and screenshot are here:

Wednesday, December 2, 2009


Some malware become famous because of their behaviour and now I found a malware that hide all your word documents and replace it with their copy of .exe files with the same name and icon as each of the hidden word documents before. It become dangerous when you did not set for not "hiding extensions for known file types" in folder options. It is because you cannot distinguish the changes made by the malware and it become worse when you attach the file in email and spread the malware to other computers by email. So please be aware of this malware by view the properties of the file before executing it. The malware will appear as "Application" rather than as "word documents". I'll post more on the detail of the analysis of this malware later and for this post just how to recover your file back.

First, open your command prompt by start>run and type cmd and press enter. In the command prompt, type your drive letter with double colon. (eg. if your pendrive labeled as I: in your "My Computer", just typed I: and press enter)

Then type:

dir /A:H
This command will view all the hidden files in your drive including the files that been hidden by the malware (if working properly)

Then to remove the hidden attribute of the files just type:

attrib -S -H -R *.doc
This command will remove the System Files (-S), Hidden (-H) and Read Only (-R) attributes for all .doc files int the drive. Please take note that the hidden attribute cannot be remove using properties.

Thats all for now and dont hesititate to ask if having any problems.