Free malware software for linux

labrea 2.5

LaBrea is an intrusion detection / "sticky" honey pot technology using virtual servers to detect malware. LaBrea takes over unused IP addresses, and creates virtual servers that are attractive to worms, hackers, and other denizens of the Internet. The program answers connection attempts in such a way that the machine at the other end gets "stuck", sometimes for a very long time.
LaBrea works by watching ARP requests and replies. When the program sees consecutive ARP requests spaced several seconds apart, without any intervening ARP reply, it assumes that the IP in question is unoccupied. It then "creates" an ARP reply with a bogus MAC address, and fires it back to the requester.
An example (from a tcpdump of LaBrea running on my network):
14:18:28.832187 ARP who-has xx.xx.xx.13 tell xx.xx.xx.1
14:18:29.646402 ARP who-has xx.xx.xx.13 tell xx.xx.xx.1
14:18:31.707295 ARP who-has xx.xx.xx.13 tell xx.xx.xx.1
14:18:31.707574 ARP reply xx.xx.xx.13 is-at 0:0:f:ff:ff:ff
There is no xx.xx.xx.13 machine on my network. In this case, the timeout was set to 3 seconds (it's a command line parameter), and when that final "who-has" came in, the "is-at" reply that you see was generated by LaBrea.
There isn't a MAC address of 0:0:f:ff:ff:ff either. It doesn't exist.
But now, the router (xx.xx.xx.1) believes that there is some machine at xx.xx.xx.13, and that it resides on the MAC address 0:0:f:ff:ff:ff, and so it dutifully sends packets on. In essence, we've created a "virtual machine" on that IP address.
Now, LaBrea also watches for TCP traffic destined for the ether address 0:0:f:ff:ff:ff. When it sees an inbound TCP SYN packet, it replies with a SYN/ACK that "tarpits" that connection attempt. Everything else is ignored. (Well... sort of. LaBrea also tries to give its "virtual machines" some character... you can ping them, and they respond to a SYN/ACK with a RST.)
There's more to it than that (obviously...) but you'll need to read further.
Enhancements:
- src/ctl.c (ctl_init_arrays): Remove call to sleep since not supposed to mix with alarm calls on linux.
- src/utils.c (util_alarm), src/labrea.c: Set alarm and signal handlers after going into daemon mode so that child will get signal
- src/labrea_init.c, src/lbio.c: Take out fudge code since libdnet 1.7 ethopen now uses the libdnet device names (ie eth1, etc).
Download (0.20MB)
Added: 2006-07-07 License: GPL (GNU General Public License) Price:
1208 downloads
Module::MakefilePL::Parse 0.12

Module::MakefilePL::Parse is a Perl module to parse required modules from Makefile.PL.

SYNOPSIS

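use Module::MakefilePL::Parse;

# Open the Makefile.PL script to be analysed
open $fh, 'Makefile.PL';

# Pass the whole script text to the parser
$parser = Module::MakefilePL::Parse->new( join("", <$fh>) );

# Hash reference of the prerequisite modules
$info = $parser->required;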

The purpose of this module is to determine the required modules for older CPAN distributions which do not have META.yml files but use Makefile.PL and ExtUtils::MakeMaker or Module::Install.

Presumably newer style Makefile.PL files which use Module::Install or Module::Build already have META.yml files in their distributions.

Methods

new

$parser = new Module::MakefilePL::Parse( $script );

Parses a Makefile.PL script and returns an object. Returns undef if there is a problem.

required

$info = $parser->required;

Returns a hash reference containing the prerequisite modules. This is either the PREREQ_PM key, or a combination of prerequisites specified in requires and build_requires calls in the Makefile.PL script (depending on the "install_type").

install_type

$module = $parser->install_type;

Returns the module used for installation.

CAVEATS

This module does evaluate a portion of the code, so there is a security issue. However, it only evaluates the definition of the PREREQ_PM key in calls to WriteMakefile, which should be more difficult to embed malware in.
Do not run this module on untrusted scripts.

Download (0.008MB)
Added: 2007-05-02 License: Perl Artistic License Price:
905 downloads
mwcollect 3.0.3

mwcollect is an easy solution to collect worms and other autonomous spreading malware in a non-native environment like FreeBSD or Linux.
The first versions were used to collect binaries for botnet monitoring and bots are still what mwcollect is mostly used for collecting.
Some people consider it a next generation honeypot, however that comparison often leads to the misunderstanding that computers running mwcollect can actually be infected with the malware - that is not the case!
Enhancements:
- This release adds a submit-gotek submission module, fixes some bugs in the timeout code, and builds cleanly under FreeBSD.
Download (0.042MB)
Added: 2006-02-02 License: GPL (GNU General Public License) Price:
1374 downloads
simscan 1.1

Simscan is a simple program that enables qmail-smtpd to reject viruses, spam, and block attachments during the SMTP conversation so the email never makes it into your computers. Very efficient and written in C. It is made from open source components and is completely free.
Main features:
- Runs as a separate program under a separate user than any other qmail program to limit possible security problems.
- clamav virus scanning ( --enable-clamav (default yes ) ). Rejects email containing viruses.
- trophie/TrendMicro virus scanning.
- support for spamassassin 3.0 and 2.6 series.
- spamassassin scanning ( --enable-spam (default no ) ). Rejects email that has X-Spam-Flag: YES set.
- spamassassin hit level rejection ( --enable-spam-hits (default 10.0 ) ). Requires --enable-spam to be enabled. Allows for rejection of email above a certain hit count. All other email is passed through with spamassassin headers and changes.
- attachment blocking ( --enable-attach (default no ) ). Blocks emails with attachments listed in a control file.
- fine grained control of clamav/trophie/spamassassin/attachment blocking per user/per domain/per system. ( --enable-per-domain (default no))
- logging of virus name, IP and to/from addresses to smtpd log file when a virus is detected.
- configuration option to set custom spamc arguments --enable-spamc-args
- configuration option to add -u user@domain argument to spamc --enable-spamc-user
- received header which includes virus scanner and spamassassin version information
- works with open source Clam AntiVirus by the Clam Team.
- works with open source trophie virus scanner interface to TrendMicro.
- works with open source SpamAssassin by the Apache Group.
- works with open source QMAILQUEUE patch by Bruce Guenter.
- works with open source ripmime by Paul Daniels.
- works with freely distributable Qmail by D. J. Bernstein.
Enhancements:
- virus drop message was not exiting at the right time. Found by Russ Lists
- use per domain hit count on spam log message if set.
- if read from standard in fails the temp file was not closed so the temporary work directory would not be removed.
Download (0.12MB)
Added: 2006-07-11 License: GPL (GNU General Public License) Price:
1227 downloads
Whitetrash 0.2 RC1

Whitetrash is a user-friendly and sysadmin-friendly proxy that makes it significantly harder for malware to use HTTP and SSL for:
- initial compromise;
- data exfiltration; and
- command and control.
Main features:
- Provides whitelisting for HTTP and SSL that is good for both users and sysadmins, but defends against malware and browser exploits.
- A HTML rendered whitelist report that can be viewed by all users. Can also be used to generate static whitelists for popular domains.
- Fast: no noticeable impact on users browsing urls already in the whitelist, and adding a new URL is very quick.
- Secure: As this is a security product, great care has been taken to sanitise input, flow control etc. so that the whitelist cannot be easily circumvented or exploited.
- Users can delete their own whitelist entries (optional). Admins can delete any whitelist entry.
- A HTML report that lists all domains requested but not whitelisted - good for tracking down malware/adware and generating static blacklists.
- Configurable authentication: any sort of authentication can be used. Squid provides plugins for NTLM, basic, and digest but has an extensible interface for other authentication schemes.
Enhancements:
- This release adds a number of new features.
- Users can now delete their own whitelist entries and admins can delete any whitelist entry.
- A new HTML report is available that lists all domains requested but not whitelisted; this is good for tracking down malware/adware and generating static blacklists.
- More statistics on domains are available, including hit counts and last visited time stamps.
- Any authentication mechanism supported by Squid can now be used.
- Squid provides plugins for NTLM, basic, and digest, but has an extensible interface for other authentication schemes.
Download (0.052MB)
Added: 2007-07-14 License: GPL (GNU General Public License) Price:
832 downloads
IRC Defender 1.4b1

IRC Defender is a Perl program for protecting your IRC network against malware. It can protect you against virus drones, general troublemakers, ban evasion, and attacks.


The program will background, and auto join the channel you have defined where the commands given below are accepted. Please be sure to secure your channel (e.g. set +O on it) so that normal users may not access these commands!

While the program is running, you may edit its config file then do a remote rehash (e.g. via /rehash defender.*) to cause its configuration files to be re-read. When you do this any modules you have removed from the configuration will be unloaded, and any you have added will be freshly loaded. Any that remain unchanged will be re-initialised as though the bot was just reloaded by hand.
Download (0.049MB)
Added: 2006-07-13 License: GPL (GNU General Public License) Price:
1209 downloads
People Search and Public Record Toolbar 1.0

People Search and Public Record Toolbar is a Firefox extension that provides a handy menu tool for investigators, reporters, legal professionals, real estate agents, online researchers and anyone interested in doing their own basic people searches and public record lookups as well as background research.
Find past friends, relatives, classmates, coworkers, military buddies or do background research on people and businesses.
This useful extension offers you the following free people and public record searches at the click of a mouse:
- Free People Searches: White Pages, 411, DA Plus, Zaba Search, Zoom Info, Google, International Phone Directories, Google Image Search and Riya photo search.
- Reverse Phone Numbers: White Pages, DA Plus, Google, Land Line or Cell Phone? Search, Reverse Payphone and Do Not Call List.
- Reverse Addresses: White Pages, DA Plus, Google, Mail Drop Search and Whois Lookup.
- Area Code, Zip Code and International Calling Code Searches.
- Yellow Pages & Local Searches: White Pages Yellow, DA Plus Yellow, Google Local and Yahoo Local.
- Public Record Searches: Skipease Public Record Directory, Search Systems Public Record Directory, Social Security Number Searches, NETRonline Property Records, Zillow Property Values, Trulia Real Estate Search, Yahoo Real Estate and NACO US County Information.
- Criminal Searches: Inmate Locators and National Sex Offender Registry.
- Maps & Satellites: Google Maps, Map Quest, Yahoo Maps, Google Earth, Terra Server.
- Government Phone Directories: US Blue Pages, Canada GEDS.
- US Government Search Engines: FirstGov and Google Government Search.
- News & Blog Searches: Google News, Yahoo News, Technorati, IceRocket and Google Blog Search.
- Business & Finance: Alibaba, Business.com, Thomas Registry, Google Finance, Yahoo Finance.
- Jobs & Classifieds: Indeed Meta Job Search, Simply Hired Meta Job Search, Dice Jobs, Hot Jobs, Monster Jobs, Craigslist Classifieds.
- Social Network Sites: Facebook, Friendster, MySpace, Tribe, Xanga.
This extension contains NO malicious scripts or code; no malware, spyware or adware of any kind. This extension does NOT record personal or surfing information from users. If you don't believe me, then check the source code on the extension after you download it. There is absolutely no Spyware or malware of any kind and the same person continues to attack this extension and defame it using numerous different logon ids.
Download (0.033MB)
Added: 2007-06-27 License: MPL (Mozilla Public License) Price:
986 downloads
SINUS Firewall 0.1

SINUS project is an application which assesses the potential of security without obscurity.
The SINUS Firewall is a TCP/IP packet filter for the Linux operating system. It is distributed under the GNU General Public Licence and comes with complete source code, as the Linux operating system does.
The SINUS firewall is a free and easy way to protect your network from the malware of the Internet. It does not guarantee perfect security, however it comes with a wealth of features, including:
- Filtering of all header fields in the IP, TCP, UDP, ICMP, IGMP packets.
- Intelligent RIP and FTP support.
- Easy to understand, text-based configuration.
- Graphical management interface for configuration of several firewalls.
- Dynamic rules, including counters and time-outs.
- Extensive logging, alerting, and counter intelligence.
- Prevention of packet and address spoofing - GNU GPL license.
To install the software, you need a Linux 2.0.x based system. We suggest you install a bare-bone system without X or any of the other nifty features which tend to have security holes. You should not install user accounts on the firewall system. Log-ins other than from the console should be forbidden (if you absolutely have to log in remotely, we strongly suggest you install a copy of ssh).
Although the software has been subject to thorough testing, and has been continuously running without crashes for over 12 months, we are confident someone will eventually uncover A BUG in the software. Therefore, it is version "0.1".
Please do not use this software as the sole means to protect your top secret data. This software is intended for:
- People who want to study firewalls
- People who don't trust their current firewall
- People who currently don't have any protection at all (even if there are serious bugs, it cannot get worse, can it?)
Enhancements:
- NEW FEATURES
- user level authentication between firewall and management interface
- compiles and runs on libc6 (glibc2) systems.
- CHANGES
- management interface now written as Java application (JDK 1.1.6)
- detect land attack
- changed name from sf to sifi (SINUS firewall) due to change of maintainer (now Harald Weidner).
- BUG FIXES
- TCP RST of established connections now pass through the firewall
- fixed a segfault bug in the passive FTP code
Download (0.82MB)
Added: 2006-07-13 License: GPL (GNU General Public License) Price:
1201 downloads
QArchive.org web files checker 1.0

QArchive.org web files checker is an extension which allows people to check web files for any malware.

The add-on allows people to check web files for any malware (viruses, trojans, worms, adware, spyware and other unwanted things). Install this plug-in in your browser and reload it. Then right-click the web file link and choose "Check files with QArchive.org".

Then follow the web site instructions. The usual way: your file will be enqueued. Refresh the report page to get the complete antivirus report. That will show you the checking of all web file parts and a summary as well. If you are a web master, you can use a useful feature.

By taking the code of the received report and placing it on your web site, you can inform people about the safety of a specific file. A version of the code for web forums exists as well.

Download (0.005MB)
Added: 2007-03-30 License: MPL (Mozilla Public License) Price:
977 downloads
SpyBye 0.3

SpyBye is a tool to help web masters determine if their Web pages are hosting browser exploits that can infect visiting users with malware.
The project functions as an HTTP proxy server and intercepts all browser requests. A few simple rules are used to determine if embedded links on your Web page are harmless, unknown, or maybe even dangerous.
How does SpyBye work? SpyBye operates as a proxy server and gets to see all the web fetches that your browser makes. It applies very simple rules to each URL that is fetched as a result of loading a web page. These rules allow us to classify a URL into three categories: harmless, unknown or dangerous. Although there is a great margin of error, the categories allow a web master to look at the URLs and determine if they should be there or not. If you see that a URL is being fetched that you would not expect, it's a good indication you have been compromised.
Why did you write SpyBye? It has become increasingly common for web sites to get compromised. This can happen either due to vulnerable web applications that you run or due to compromised servers via vectors completely out of your control. Nonetheless, it is important for web masters to be able to tell if their pages are dangerous to their users. SpyBye provides a very simple mechanism to determine how a site works on the HTTP level. This often gives us clues about potentially dangerous content. I hope that SpyBye can be of use to anyone who wants to verify if their web site could be compromised and dangerous. The unofficial explanation is that I needed some code to test libevent's HTTP layer; writing a proxy exercises most of the code paths.
In a couple of days, SpyBye is going to be released as an Open Source package, so that you can run your own proxy and check your pages.
Disclaimer: SpyBye does not protect you from getting exploited yourself. It tries to take reasonable precautions to avoid infection while using it. However, ideally, you would run your browser in a virtual machine and revert to a clean snapshot when done. You have been warned. Today's malware is capable of rendering your computer unusable - and emptying your bank accounts!
Enhancements:
- A proxy mode in which SpyBye analyzes all content in the background and provides a warning box when potentially malicious content has been detected was added.
- This means that all Web browsing can be done through SpyBye and users get protected automatically from dangerous content.
Download (0.12MB)
Added: 2007-06-10 License: BSD License Price:
868 downloads
PPSee 1.21

PPSee is software for creating picture galleries of photos taken with a digital camera, scanner, etc. It can also be used to view pictures.
The created photo album can be used on your computer, however it is designed mainly for display on the Internet. Instead of attaching photos to e-mails, you'd better send a link to your own web pages!
Main features:
- the program uses national languages.
- the photo album provides automatic picture projection - slide show
- to move among the pictures in the photo album you can use navigation keys.
- each of the pictures can contain your description, which is saved for later use.
- you can rotate images without any modification of the original file
- photo album is based on a valid code XHTML 1.0 Strict
- the photo album does not need support from any server.
- the program has many attributes affecting the look of the created photo album.
- support of the scripting language BeanShell for greater latitude when creating the photo album.
- you can create your own templates of the photo album.
- registered users can use a batch mode from a command line
- the program can read EXIF information.
- the program runs on the systems such as Windows, Linux, MacOS, OS/2 and Solaris, as well as the photo album.
- registered users can also use new versions of the program.
- the author does not insert into program any form of malware, including: spyware, trojans and backdoors
PPSee lets you change the photo album through a number of parameters, however a certain style of the photo album always remains preserved. If you have your own ideas about the look of the photo album, the layout of the pictures, navigational buttons, picture descriptions and so on, you can create a template.
A PPSee template is a model from which the program creates the actual photo album. It is useful to know that templates, or more exactly their program accessories, are able to respect the parameters set in the graphical user interface of PPSee. Templates communicate with the program through its API.
Templates can be saved, together with other parameters, for later use; users can share the saved templates without limits. Only registered users can work with templates. Detailed information is part of the program documentation.
Enhancements:
- Photo album is created by a standard XHTML 1.0 Strict.
- You can rotate images without any modification of the original file.
- Bug fixing
Download (1.3MB)
Added: 2005-06-22 License: Free for non-commercial use Price:
1584 downloads
F-Secure Rescue CD 3.0 Build 12506

F-Secure Rescue CD 3.0 Build 12506 offers you a Linux-based rescue CD to scan the computer and rename all files which contain malware.

Major Features:

  1. Rescue CD scans the computer and renames all files containing malware to .virus file extension.
    • Rescue CD will by default scan:
      • all hard drives in the computer
      • all USB drives attached to the computer
      • Windows FAT and NTFS drives
    • Virus definition databases are updated automatically if the computer has an internet connection
    • Virus definition databases can be updated manually by using a USB drive
    • The Rescue CD Guide (pdf) has step by step instructions how to use the CD
  2. Rescue CD is localized to English only.

Enhancements:

  • Enhanced hardware support: Knoppix updated to version 5.3.1
  • Enhanced NTFS support: NTFS-3G driver updated to version 1.2506

Requirements:

  • Be x86 compatible
  • Have at least 256MB of RAM
  • Be able to boot from a CD
  • Be able to connect to the Internet or be able to use a USB drive
Added: 2008-07-02 License: Freeware Price: FREE
1 downloads
Antispyd 0.0.9

Antispyd is an HTTP/HTTPS proxy server designed to be fast, efficient, modular and secure. It's written in pure C and uses a simple and customizable configuration file. It's POSIX compliant and has been developed under Gentoo/Linux.
The server is designed with a modular software architecture; the following filters can be used and configured independently:
- Url Filtering
- Mime-type Filtering
- Web-Identity Masking
- Shellcode and Zero-day threat Filtering
- Cookie Removal
- Simple Signature based Filtering
- Inappropriate content Blocking
- Pop-up Deleting
So, Antispyd can be used to satisfy some current company security needs like:
- Web Usage Policy establishment
- Instant Messaging control
- Peer-to-Peer Filtering
- Malware Protection
Enhancements:
- This release provides a major improvement of the signature based filtering engine (the BLOCK_SIGN filter) in terms of both performance and functionality.
- The signatures are now stored in a 3-Tree to enhance the matching of each HTTP message.
- This filtering can be performed on each HTTP message's content.
- A signature can use the hexadecimal array of a byte to specify a field's value
Download (0.34MB)
Added: 2005-10-26 License: GPL (GNU General Public License) Price:
1458 downloads