[dba-Tech] Skype compromised?

Hans-Christian Andersen hans.andersen at phulse.com
Tue Jan 29 05:16:12 CST 2013


If you want to trace the IP, just install Wireshark and watch the TCP packets flow. :)

But, yes, if you want to see what these guys are trying to exploit, then a VM (or separate machine altogether) would be the way to go. I don't know if they are getting any smarter though, because they could easily tell quickly if they are running within a VM if they knew where to look (system hardware, for instance).

Regarding doing a filesystem comparison, you could just mount the VM image as a loopback device and the system will treat it as if it were a hard drive (well, in Linux / Unix / Mac systems anyway. With Windows, as always, good luck and have your credit card handy just in case). Then, mounted as a hard drive, you can run any file system tool for comparison (bear in mind, this could be tricky, since Windows touches a lot of files on the fly, so it might be hard to determine which files are relevant or not).

With VirtualBox, for instance: http://bethesignal.org/blog/2011/01/05/how-to-mount-virtualbox-vdi-image/


- Hans



On 2013-01-29, at 2:54 AM, Arthur Fuller <fuller.artful at gmail.com> wrote:

> Well, it seems that we have achieved consensus world-wide (gotta love this
> internet thing!). I'm now wondering whether there's a way to accept the
> call, long enough to trace it (of course the caller might be anonymizing),
> from within a sandbox such as a VM, so that if anything is secretly
> installed, it's only within that VM, which could then be inspected in
> detail, without placing the host at risk. Which begs the question, Is there
> a "sysdiff" utility that could inspect two otherwise identical VMs, one of
> which accepted the call?
> 
> A.
> _______________________________________________
> dba-Tech mailing list
> dba-Tech at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/dba-tech
> Website: http://www.databaseadvisors.com
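
The filesystem comparison discussed in this thread, as an added example that is not part of the original messages: it hashes every file in two mounted trees and reports what was added, removed or modified, skipping files Windows rewrites on its own. It assumes the baseline and suspect images are already mounted read-only; the `NOISY` glob list, the function names and the sample trees in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile
from fnmatch import fnmatchcase

# Assumed noise list (lower-case globs): files Windows rewrites on every boot.
NOISY = ["pagefile.sys", "hiberfil.sys", "windows/prefetch/*",
         "windows/temp/*", "windows/system32/winevt/*", "users/*/ntuser.dat*"]

def snapshot(root, ignore=NOISY):
    """Map relative path -> SHA-256 for each regular file under a mounted image."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            # Skip noisy paths, and never follow links out of the mounted image.
            if (os.path.islink(full) or not os.path.isfile(full)
                    or any(fnmatchcase(rel.lower(), pat) for pat in ignore)):
                continue
            digest = hashlib.sha256()
            try:
                with open(full, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        digest.update(chunk)
                hashes[rel] = digest.hexdigest()
            except OSError:
                hashes[rel] = "unreadable"  # still listed, so it is not silently lost
    return hashes

def sysdiff(baseline_root, suspect_root, ignore=NOISY):
    """Compare two mounted trees; report added, removed and modified files."""
    base, sus = snapshot(baseline_root, ignore), snapshot(suspect_root, ignore)
    return {"added": sorted(sus.keys() - base.keys()),
            "removed": sorted(base.keys() - sus.keys()),
            "modified": sorted(p for p in base.keys() & sus.keys()
                               if base[p] != sus[p])}

def demo():
    """Constructed trees standing in for the two read-only mount points."""
    def build(files):
        root = tempfile.mkdtemp()
        for rel, data in files.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        return root
    base = {"Windows/hosts": b"clean", "pagefile.sys": b"boot-1", "Users/a/notes.txt": b"hi"}
    sus = {"Windows/hosts": b"edited", "pagefile.sys": b"boot-2", "Users/a/new.exe": b"MZ"}
    return sysdiff(build(base), build(sus))
```

Against real images, call `sysdiff()` with the two mount points and extend `NOISY` until a diff of two untouched clones of the baseline comes back empty.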


