Difference between pages "Talk:Internet Explorer History File Format" and "Malware"

From Forensics Wiki
(Difference between pages)
(Move as DAT)
 
 
Line 1: Line 1:
Planning on doing the following, any comments, ideas, objections?:
+
'''Malware''' is a short version of '''Malicious Software'''.
  
== Move as DAT ==
+
Malware is software used for data theft, device damage, harassment, etc. It is very similar to computer malware. It installs things such as trojans, worms, and botnets to the affected device. It is illegal to knowingly distribute malware.
  
I think this page should be moved as "DAT" and then let all Internet Explorer History File Format links redirect to the format DAT.  Then in the DAT page, a little about how .dat is a common extention used by many programs to name their data files, and then the majority of the page about index.dat files specifically.  --[[User:Kristofer|Kristofer]] 00:15, 19 June 2007 (PDT)
+
== Virus ==
:Because so many other programs use .dat as an extension, I don't think it's a good idea to make the .dat page all about Internet Explorer. Instead I think the .dat page should be a list of the programs that use .dat files, including Internet Explorer. I like having a page title that holds the true meaning, not a shorthand. [[User:Jessek|Jessek]] 05:48, 20 June 2007 (PDT)
+
A computer program that can automatically copy itself and infect a computer.
:It even is not a good idea to refer to these files as index.dat because there are multiple types of index.dat file i.e. Office Recent is a text file not of the Internet Explorer History File Format --[[User:Joachim Metz|Joachim]] 08:10, 6 June 2009 (UTC)
+
  
== File Locations ==
+
== Worm ==
 +
A self-replicating computer program that can automatically infect computers on a network.
  
After moving, more of the major file locations of the index.dat should be added too. 
+
== Trojan horse ==
I will type out the full paths later, but quickly for example, the temp internet files, cookies, history, userdat, folders.  Also the ones in the system account in the windows directory, and note other accounts exist like the all users, administrator, network account, and i386 folder doesn't count does it?  Also, correct me if I'm wrong, but the History.IE6 folder should be History.IE5, regardless of IE 5, 6, or 7 being installed. --[[User:Kristofer|Kristofer]] 00:15, 19 June 2007 (PDT)
+
A computer program which appears to perform a certain action, but actually performs many different forms of codes.
: This sounds like a great addition to the [[Internet Explorer History File Format]] page. Go for it! [[User:Jessek|Jessek]] 05:49, 20 June 2007 (PDT)
+
  
== Links ==
+
== Spyware ==
 +
A computer program that can automatically intercept or take partial control over the user's interaction.
  
http://www.latenighthacking.com/projects/2003/reIndexDat/ is a great link in my opinion going through the methods of discovering the format of this unofficially documented file.  It would be great, through the help of everyone, to fill in the missing parts of the general format and outline it here, for future programmers needing to do forensics with these files.  --[[User:Kristofer|Kristofer]] 00:15, 19 June 2007 (PDT)
+
== Exploit Kit ==
 +
A toolkit that automates the exploitation of client-side vulnerabilities, targeting browsers and programs that a website can invoke through the browser [http://blog.zeltser.com/post/1410922437/what-are-exploit-kits]. Often utilizing a drive-by-download.
  
== Different Formats of index.dat ==
+
=== Drive-by-download ===
 +
Any download that happens without a person's knowledge [http://en.wikipedia.org/wiki/Drive-by_download].
  
We can write about the differences between the temporary internet files index.dat file, history index.dat file, and cookies index.dat file, while including the file paths of the other index.dat files but not emphasising on them, like the one in UserData folders. 
+
== See Also ==
  
Speaking about the three major ones seperately is important because some things are differen't between them, like the REDR tag is not in any history index.dat files, yet we have it listed on the current page. And in the URL tag, in the temporary internet files index.dat, the file name of the local cached file is specified with the originating URL. Another difference off the top of my head, the history index.dat files include page title names, and temporary internet files index.dat doesn't.  --[[User:Kristofer|Kristofer]] 00:15, 19 June 2007 (PDT)
+
== External Links ==
: I think we should have a page of commonalities, but it should be separate from each of the format specific pages. That is, the [[Microsoft Windows Cookie Format]] page could have a short section on the common elements with a link to [[Common elements in Windows History Files]]. Maybe the "main" template would work well? [[User:Jessek|Jessek]] 06:42, 20 June 2007 (PDT)
+
* [http://en.wikipedia.org/wiki/Malware Wikipedia entry on malware]
 +
* [http://en.wikipedia.org/wiki/Drive-by_download Wikipedia drive-by-download]
 +
* [http://www.viruslist.com/ Viruslist.com]
 +
* [http://code.google.com/p/androguard/wiki/DatabaseAndroidMalwares Androguard]: A list of recognized Android malware
 +
 
 +
=== Exploit Kit ===
 +
* [http://blog.zeltser.com/post/1410922437/what-are-exploit-kits What Are Exploit Kits?], by [[Lenny Zeltser]], October 26, 2010
 +
* [http://nakedsecurity.sophos.com/2013/07/02/the-four-seasons-of-glazunov-digging-further-into-sibhost-and-flimkit/ The four seasons of Glazunov: digging further into Sibhost and Flimkit], by Fraser Howard on July 2, 2013
 +
 
 +
[[Category:Malware]]
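
Review bot: the second added paragraph defines malware in terms of itself ("It is very similar to computer malware"), which gives the reader nothing; drop that sentence or state what malware is being compared to. In the Trojan horse section, "performs many different forms of codes" does not say what the program actually does, so reword it to state that the real behaviour differs from the advertised one. In Exploit Kit, "Often utilizing a drive-by-download." is a fragment and needs a subject, and "== See Also ==" is added with no entries under it.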

Revision as of 01:05, 21 October 2013

Malware is short for malicious software.

Malware is software used for data theft, device damage, harassment, etc. It is very similar to computer malware. It installs things such as trojans, worms, and botnets on the affected device. It is illegal to knowingly distribute malware.


Virus

A computer program that can automatically copy itself and infect a computer.

Worm

A self-replicating computer program that can automatically infect computers on a network.

Trojan horse

A computer program that appears to perform a certain action but actually runs other, different code.

Spyware

A computer program that can automatically intercept or take partial control over the user's interaction.

Exploit Kit

A toolkit that automates the exploitation of client-side vulnerabilities, targeting browsers and programs that a website can invoke through the browser [1]. Exploit kits often use a drive-by-download.

Drive-by-download

Any download that happens without a person's knowledge [2].

See Also

External Links

Exploit Kit