[SANS] Using Perl to decrypt malware.

Daniel Wesemann wrote a nicely technical little article over on SANS where he uses command-line perl scripts to decode some encrypted malware. Very educational.

s//----->\t/;$~="JAPH";s//\r<$~~/;{s|~$~-|-~$~|||s |-$~~|$~~-|||s,<$~~,<~$~,,s,~$~>,$~~>,, $|=1,select$,,$,,$,,1e-1;print;redo}

Comment on [SANS] Using Perl to decrypt malware. Download Code

Replies are listed 'Best First'.
Re: [SANS] Using Perl to decrypt malware. by zentara (Cardinal) on Aug 25, 2006 at 13:26 UTC
I heard a statistic on a news show that said , (quoting from memory), " any computer running a Microsoft OS is infected with something withing 20 minutes of connecting to the internet". Bill Gates and the NSA sure are smart. :-) I'm not really a human, but I play one on earth. Cogito ergo sum a bum	[reply]
Re^2: [SANS] Using Perl to decrypt malware. by marto (Cardinal) on Aug 25, 2006 at 13:52 UTC
Yes this story rings a bell. The news story I heard was a PC was purchased from PC World (Large UK chain store), unpacked from the boxes and connected to the internet. Within 20 minutes the machine had been compromised. On a similar note check out Security Report: Windows vs Linux, Open Source is Inherently Dangerous, reference 3.	[reply]