Evaluating malware from a network perspective

A few days ago, my HIPS software blue screened three separate machines after an update. Fearing a problem with the HIPS software, I disabled it on all three machines while I troubleshot them.

Today, while looking through my HIPS log like a good sec analyst, I see an interesting event logged on one of the hosts. The file c:\windows\system32\wbem\unsecapp32.exe (MD5: 60f8ea044b96b7ae8c1a55571d7e2c70) tried to contact on port 7654. Google searching for the file name produced little help beyond this (the fact that AhnLab's AV engine didn't detect this one leads me to believe it's a relatively new variant).
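The three indicators in that log entry (the file path, its MD5, and the outbound port) are what a defender would sweep the other hosts for. The script below is an added example, not code from the original post or from the HIPS product: it walks a few constructed HIPS-style log lines (the `key=value` format, the hostnames, and the destination addresses are all assumed; the IPs are from documentation ranges) and flags any process that matches the known-bad path or connects out to port 7654, and it gives a helper for comparing a file's MD5 against the published hash. Note that the legitimate WMI helper `unsecapp.exe` on the second host is deliberately not flagged, because only the exact `unsecapp32.exe` path is in the indicator list.

```python
import hashlib
import re
from dataclasses import dataclass

# Indicators taken from the log entry described in the post.
IOC_PATH = r"c:\windows\system32\wbem\unsecapp32.exe"
IOC_MD5 = "60f8ea044b96b7ae8c1a55571d7e2c70"
IOC_PORT = 7654

# Constructed sample log lines in an assumed HIPS-style key=value format.
# Hosts, timestamps and destination addresses are made up for this example.
SAMPLE_LOG = """\
2007-05-03 09:12:01 host=ws01 action=allow proc=c:\\windows\\system32\\svchost.exe dst=10.0.0.5:445 proto=tcp
2007-05-03 09:14:22 host=ws01 action=allow proc=c:\\windows\\system32\\wbem\\unsecapp32.exe dst=203.0.113.9:7654 proto=tcp
2007-05-03 09:15:40 host=ws02 action=block proc=c:\\windows\\system32\\wbem\\unsecapp.exe dst=10.0.0.5:135 proto=tcp
2007-05-03 09:16:03 host=ws03 action=allow proc=c:\\temp\\updater.exe dst=198.51.100.7:7654 proto=tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) host=(?P<host>\S+) action=(?P<action>\S+) "
    r"proc=(?P<proc>\S+) dst=(?P<dst_ip>[\d.]+):(?P<dst_port>\d+) proto=(?P<proto>\S+)$"
)


@dataclass
class Hit:
    host: str
    proc: str
    dst_ip: str
    dst_port: int
    reasons: tuple


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dst_port"] = int(rec["dst_port"])
    return rec


def find_hits(log_text):
    """Return a Hit for every line that matches the path indicator or the port indicator."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = []
        # Exact, case-insensitive path match: the legitimate unsecapp.exe is not an indicator.
        if rec["proc"].lower() == IOC_PATH:
            reasons.append("known-bad path")
        # Any process talking out to the port seen in the original event is worth a look.
        if rec["dst_port"] == IOC_PORT:
            reasons.append("outbound to port 7654")
        if reasons:
            hits.append(Hit(rec["host"], rec["proc"], rec["dst_ip"], rec["dst_port"], tuple(reasons)))
    return hits


def md5_matches_ioc(file_bytes):
    """True if the given file contents hash to the MD5 published for unsecapp32.exe."""
    return hashlib.md5(file_bytes).hexdigest() == IOC_MD5


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(f"{hit.host}: {hit.proc} -> {hit.dst_ip}:{hit.dst_port} ({', '.join(hit.reasons)})")
```

Matching on the port alone will surface the third host's unrelated `updater.exe` as well; that is intentional, since a variant with a different filename would only show up through its network behaviour, which is the point of looking at this from the network side rather than trusting AV detection.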

Linked by shanmuga Friday, 4th May 2007 2:23AM