Author Topic: Malware Analysis Blogs  (Read 79531 times)

0 Members and 2 Guests are viewing this topic.

December 07, 2007, 04:21:45 am
Read 79531 times

sowhat-x

  • Guest
"Quick reference bookmark" of all security/malware-related blogs mentioned around:
note also that quite a few of the following blogs also support RSS feeds.

Any other blogs/sites of similar content you might stumble upon,
don't just feel free to add them...feel obligated to do so:
knowledge and information should be free for all.
From time to time,submitted links will be 'moved' in the beginning of thread,
with appropriate credits of course to the people that made mention of them.  :)
============================================================

List Last Updated -> 01 Jan 2009
Credits go up to -> brewt , cjeremy , JohnC , tjs, sowhat-x, SysAdMini and UsAr  :)


zairon's Blog
http://zairon.wordpress.com/
Malware analysis,reverse engineering,cryptography...

teamfurry's MW-Blog
http://www.teamfurry.com/
...just scroll down the page,in order to get...a free haircut from toni :D
Make sure you also take a visit at his forum.

Edgar Bangkok's Blog
http://edetools.blogspot.com/
Malware hunter,some nifty tools in his blog also... ;)

DISOG
http://www.disog.org/
Plus...
http://www.disog.org/blog/
Digital Intelligence and Strategic Operations Group

SecureWorks Blog
http://www.secureworks.com/research/blog/
Plus...
http://www.secureworks.com/research/threats/

Websense Security Labs Blog
http://www.websense.com/securitylabs/blog/
Very nice malware analysis/reviews here also,
certainly one of the best blogs out there,
when it comes to analyzing recently found 'in-the-wild' malware.  :)

Arbor Networks Blog
http://asert.arbornetworks.com/
Excellent blog from the Arbor Security Engineering & Response Team (ASERT)...

Dancho Danchev's Blog
http://ddanchev.blogspot.com/
Articles regarding new malware/exploits found in the wild and security in general...

Spamhuntress' Blog
http://spamhuntress.com/
And a list of very useful tools in the wiki:
http://spamhuntress.com/wiki/Tracing_tools

Secure Science Blog
http://www.securescience.net/securescienceblog.html
Check out the papers/source code in the posts regarding GPCode and RansomWare.

Bharath M Narayan's Blog
http://bharath-m-narayan.blogspot.com
Looks for new rogues,malicious websites etc...

Evilcodecave's Weblog
http://evilcodecave.wordpress.com/
As the author says in the main page..."Just another RCE Weblog"  ;)
Here is his "Dark Cave" as well:
http://evilcry.netsons.org/

Jan Gerrit Göbel's Blog
http://zeroq.kulando.de/
Take also a note in his "Infiltrator" script,quite nifty tool... :)

RBNExploit Blog
http://rbnexploit.blogspot.com/
Keeping track in the current state of evolution of the Russian Business Network...

Matchent's Blog
http://matchent.com/wpress/
The author states..."Mostly about spam"... 8)

C.I.S.R.T. 's Blog
http://www.cisrt.org/enblog/
Chinese Internet Security Response Team here...

dxp2532 's Blog
http://dxp2532.blogspot.com/
Neosploit,Icepack,Mpack...and general other malware samples analysis.
Also the author of 'unhash',an open-source MD5/SHA1 hashes bruteforce tool...
http://freshmeat.net/projects/unhash/

Swatkat's Blog
http://swatrant.blogspot.com/
Malware,fake codecs,rogue apps in general etc...
Author of the SysProt rootkit detector also.

Flash's Security Blog
http://flashbladez.blogspot.com/
Fake codecs,sites with rogue apps etc...

TrustedSource Blog
http://www.trustedsource.org/TS?do=threats&subdo=blog
Check also the 'Storm Tracker' in their site...

DShield / SANS Diary
http://www.dshield.org/diary.html
http://isc.sans.org/diary.html
Internet Storm Center's blog... :)

m4v3rick100's Blog
http://maipiugromozon.blogspot.com/
Focuses in Gromozon and other malware as well...

'Push the Red Button' Blog
http://moyix.blogspot.com/
As he says...'Malware,encryption,reverse engineering,networking and other arcana'.
Author of CredDump,a port of 'CacheDump' under Python:
http://code.google.com/p/creddump/

SpywareGuide's Greynets Blog
http://blog.spywareguide.com/
From FaceTime Security Labs - malware,phishing,botnets and more...  :)

MNIN Security Blog
http://mnin.blogspot.com/
Michael Hale Ligh's Blog - "Coding, Reversing, Exploiting"...

Storm Binary Tracker
http://sudosecure.net/
cjeremy's site - tracking down the well-known malware...excellent work... ;)

SecurityZone
http://www.securityzone.org/
Steven Adair's Blog (from Shadow Server Foundation)

Dynamoo's Blog
http://www.dynamoo.com/blog/
Per official statement...'Spam, security, scams, spin and stuff'.

iAntiVirus Blog
http://blog.iantivirus.com/
Research involving viruses, spyware and malware on Mac OS X systems.

Abuse.ch
http://www.abuse.ch/
The Swiss Security Blog: written in German language,ie.use Google Translate etc...

Temerc's Blog
http://temerc.blogspot.com/
And the main site as well...(it also provides malware removal instructions):
http://temerc.com/

S!Ri 's Blog
http://siri-urz.blogspot.com/
From the author of the well-known 'SmitFraudFix' disinfection utility.

Security4all
http://security4all.blogspot.com/

ScanSafe STAT Blog
http://blog.scansafe.com/

s3c-watch Blog
http://s3cwatch.wordpress.com/

SRI Malware Threat Center
http://mtc.sri.com/
Make sure you check out the info provided under the "Data Analysis" tab:
Snort signatures are provided,ip addresses,various kinds of statistics as well...

MX Lab's Blog
http://blog.mxlab.be/
Per statement,"...an aqcuired taste for viruses and spam"...  ;D

Ilion's Blog
http://ilion.blog47.fc2.com/
Very nice work regarding tracking down infected sites,sql injections etc.
For Japanese-speaking people  ;)

PC Security Labs
http://www.pcsecuritylabs.net/
Good friends of ours  ;)
Jeffrey's personal blog as well:
http://www.pcsecuritylabs.net/jeffrey/

Gary Warner's Blog
http://garwarner.blogspot.com/
Per statement:"A Blog about Cyber Crime and related Justice issues"

'I Kill Spammers' Blog
http://ikillspammers.blogspot.com/

SecureBlog
http://www.secureblog.info/
Malware analysis,security articles etc / for Russian language speaking people.

'Spyware Sucks' Blog
http://msmvps.com/blogs/spywaresucks/default.aspx

Roger Thompson's Blog
http://thompson.blog.avg.com/
Blog from the Chief Research Officer at AVG - his previous blog as well:
http://explabs.blogspot.com/

Hosts News
http://msmvps.com/blogs/hostsnews/

Secure Home Networks' Blog
http://securehomenetwork.blogspot.com/

Ocean's InsecLab
http://inseclab.netsons.org/

Cedric Pernet's Weblog
http://bl0g.cedricpernet.net/
Both English/French versions available...

Web Robots Abuse Blog
http://web-robot-abuse.blogspot.com/
"Web robots are visiting sites to hack,spam,email harvest and to scrap your website contect for profit.
This blog is an attempt to keep track of them and to help webmasters by listing the abuse in google."

RealSecurity
http://realsecurity.wordpress.com/
Analysis of malware, reverse engineering, etc

xpl0it Analysis
http://xanalysis.blogspot.com/
Dedicated to incident, exploit and malware analysis

CERT-LEXSI Weblog
http://cert.lexsi.com/weblog/index.php/en

FireEye Malware Intelligence Lab
http://blog.fireeye.com/research/

Marco Cova's Blog
http://www.cs.ucsb.edu/~marco/blog/
One of the autors of Wepawet

================================================

Blogs/sites related to JavaScript,PHP issues,browser bugs etc...

Gareth Heyes's Blog
http://www.businessinfo.co.uk/index.php

Jake Smith's Blog
http://www.thespanner.co.uk/

Ronald van den Heetkamp's Blog
http://www.0x000000.com/index.php
Check the 'Archive' for previous posts,they're listed in a very nice taxonomy...

GNUCitizen
http://www.gnucitizen.org/

XSSed Project
http://www.xssed.com/
"Zone-H" for...XSS attacks  ::)

================================================

Official blogs from AV/Security products' companies...

VirusList - Analyst's Diary
http://www.viruslist.com/en/weblog
Maintained by Kaspersky Lab's analysts...

F-Secure's Blog
http://www.f-secure.com/weblog/

McAfee Avert Labs Blog
http://www.avertlabs.com/research/blog/

Sophos' Blog
http://www.sophos.com/security/blog/

TrendMicro's Blog
http://blog.trendmicro.com/

ESET's Blog
http://www.eset.com/threat-center/blog/

Sunbelt's Blog
http://sunbeltblog.blogspot.com/

ThreatFire / ThreatExpert Blogs
http://blog.threatfire.com/
http://blog.threatexpert.com/
From the 'PC Tools' Advanced Research Team...

Prevx Blog
http://www.prevx.com/blog.asp

Finjan MCRC Blog
http://www.finjan.com/MCRCblog.aspx

Microsoft's anti-malware Blogs as well... ;)

Anti-Malware Engineering Team Blog
http://blogs.technet.com/mmpc
Their older page as well (not all articles/content has been moved yet):
http://blogs.technet.com/antimalware/

================================================

...the following aren't 'blogs',but the usual "good-old-design" websites...  :D

Peter Ferrie's Site
http://pferrie.tripod.com/
The personal site of the well-known virus analyst:
previously worked for Symantec,currently in Microsoft Corporation...
Has lots of virus analysis papers...  8)

Peter Szor's Site
http://www.peterszor.com/
The author of the "Art of Computer Virus Research and Defense" book:
lots of articles and papers in the "Research" area...

Offensive Computing
http://www.offensivecomputing.net/
The biggest public repository of malware samples.
Even more,the first site that "broke" the taboo of sharing malware samples in public,
thereby making them accessible to individual researchers...
Are you in the need of getting access to a specific sample?Here's your best chance... :)

VX Heavens
http://vx.netlux.org/
...by far the most widely known vx resource in the net,
along with the famous magazines of the 29A team...
http://vx.org.ua/29a/
Malware trends come and go,but most of the techniques already documented get recycled...

InDetails
http://indetails.info/
Frequently updated with newer stuff to read / for Russian language speaking people...

SpamWiki
http://spamtrackers.eu/
Excellent wiki,dedicated in tracking spammers' activity...

June 25, 2008, 04:32:22 am
Reply #1

spywarebox

  • Newbie

  • Offline
  • *

  • 4
Here is a security blog from Paretologic:

http://blogs.paretologic.com/malwarediaries

Authored by two members of our ParetoLogic S.W.A.T. team (Spyware Analysis Team), Malware Diaries gives you an inside look at what is going on in the world of spyware and malware and how to secure your computer and yourself from new and emerging online threats.

June 29, 2008, 09:11:07 am
Reply #2

sowhat-x

  • Guest
Metallica's Blog
http://www.pieter-arntz.info/wordpressblog/
Moderator over at CastleCops,Cexx,GeeksToGo etc...need to say more?  :)

July 02, 2008, 07:11:28 pm
Reply #3

Metallica

  • Special Access
  • Newbie

  • Offline
  • *

  • 4
    • Remove & Prevent Spyware
Metallica's Blog
http://www.pieter-arntz.info/wordpressblog/
Moderator over at CastleCops,Cexx,GeeksToGo etc...need to say more?  :)

Thanks.  8)

July 11, 2008, 03:27:41 pm
Reply #4

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964

July 22, 2008, 03:14:21 pm
Reply #5

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964
http://www.spamzy.com
A blog regarding spam and rogue software.

July 22, 2008, 05:27:22 pm
Reply #6

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964

August 02, 2008, 09:04:32 pm
Reply #7

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964

August 06, 2008, 04:02:26 pm
Reply #8

Serg

  • Special Members
  • Sr. Member

  • Offline
  • *

  • 132

August 22, 2008, 08:41:29 pm
Reply #9

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964

September 07, 2008, 11:01:46 pm
Reply #10

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964

September 10, 2008, 09:15:41 pm
Reply #11

amesdaq

  • Special Members
  • Newbie

  • Offline
  • *

  • 4
    • http://www.WebsenseSecurityLabs.com
Just a correction on this.

Quote
Websense Security Labs Blog
http://www.websense.com/securitylabs/blog/
Very nice malware analysis/reviews here also,
they're somehow related to SecureWorks mentioned previously...

We are not in any way related to SecureWorks other than the fact we work with various security researchers on some issues.
Ali Mesdaq (CISSP, GIAC-GREM)
Sr. Security Researcher
Websense Security Labs
http://www.WebsenseSecurityLabs.com

September 10, 2008, 10:24:10 pm
Reply #12

sowhat-x

  • Guest
Most probably at some moment I had mis-read something in some blog entry...  :-[
Obviously sorry for that,as this was my fault...fixed it  :)

October 16, 2008, 05:47:51 pm
Reply #13

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964

February 18, 2009, 12:34:34 pm
Reply #14

hzqedison

  • Newbie

  • Offline
  • *

  • 2
Kingsoft Internet Security Blog
http://blog.duba.net/