Thursday, October 26, 2006

Analysis and Identification in Action using Cisco MARS

The guys over at Priveon have a good article here on Cisco MARS in action in the analysis and identification of the Blackworm email worm (CME-24).

If you don't know Blackworm (also known as BlackWorm/Nyxem/Blackmal/Blueworm/Grew), it was scheduled to delete certain file types on Feb 3, 2006. A very nasty piece of work.

More info on Blackworm here and more info on CME (Common Malware Enumeration) Identifiers here.

1 comment:

david marsh said...

Hi Chris! Thanks for posting the info - we are continuing to train and implement MARS over at Priveon. I would like to have a discussion with you offline about what you are doing with MARS and your upcoming articles and topics on MARS. We have more research articles planned based on some large MARS projects we have underway.