SANS ISC: Malicious File names of the day - SANS Internet Storm Center

• SANS Site Network
  • Current Site
  • SANS Internet Storm Center
  • Other SANS Sites Help
  • Graduate Degree Programs
  • Security Training
  • Security Certification
  • Security Awareness Training
  • Penetration Testing
  • Industrial Control Systems
  • Cyber Defense Foundations
  • DFIR
  • Software Security
  • Government OnSite Training

SANS ISC InfoSec Forums

Ok, so today is saturday. And what is a nice thing to do on a sunny morning? Yes, play with honeypot logs!:)

What follows below is a list of filenames being used downloaded/dropped malwares. This list is a consolidated data from the last month til today and is sorted by appearance:

wupdate.exe
scricon.exe
sysinfo.exe
winlolx.exe
binlw.exe
updetwinds.exe
windsservc.exe
asa.exe
windervs.exe
first.exe
ne1.exe
msv.exe
Iexplorer.exe
upgrad.exe
windowz.exe
sysmsgr32.exe
dload.exe
updetwind.exe
KBX.exe
Iexplare.exe
f1r5st83.exe
bling.exe

And what could you do with such list? Well, of course that it will not replace your AV, but you could it as a feed for a script to look for those (uncommon) filenames in your machine(s) :)

Update:

A reader sent a list from what he got last week:

h3110.411
it.exe
ssms.exe
stacture.exe
wgl23.exe
winldr.exe

------------------------------------------------------------------------

Handlers on Duty: Pedro Bueno ( pbueno //&&// isc. sans. org)