
CFR410

Malware Report
Austin Ticknor
University of Advancing Technology
3/26/2016

For this report, I was required to identify which of 3 select computers
was responsible for sending and spreading a piece of malware through
network traffic. The first thing I did was to look up the host names for each of
the 3 computers using a tool called Network Miner. They were Rocketman-PC,
WorkStation6, and MyHumps-PC.

Thankfully, the host names for the computers also revealed the IP addresses
that were associated with each. The IP addresses all started with
192.168.204 and ended with either .139, .137, or .146.

I then looked under the hosts tab to find the MAC address
associated with each of the 3 IP addresses. They were MAC: 000C299DB86D
for .137, MAC: 000C2961C189 for .139, and MAC: 000C29FCBC2E for .146.

After that, I took the 3 IP addresses and looked through the
websites they had all visited. Only one had visited infected sites, 2 to be exact.
That IP address was 192.168.204.137.

Their addresses, in the same order, are 185.14.30.113 and
168.235.69.248. The second was identified as the exploit kit
because port 22780 is not a standard port used for HTTP traffic,
so malware was certainly possible. Finally, the first of the 2 links is known
to be the redirect URL.

So what happened in detail was that the link
http://col.reganhosting.com/ was used as a redirect for the exploit kit found
in the link http://epzqy.iphaeba.eu/. The host name computer MyHumps-PC,
a.k.a. 192.168.204.137, was identified as the only host that came across any
malware whatsoever.
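The triage above (host to IP to MAC, sites visited per host, and flagging HTTP traffic on a non-standard port) can be scripted over a request log. The following Python is an added example, not part of the original report and not NetworkMiner's own output format; the sample rows are constructed, and the pairing of Rocketman-PC and WorkStation6 with .139 and .146 is an assumption, since the report only fixes MyHumps-PC to .137.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of HTTP requests with the fields the report worked from.
# Not NetworkMiner's export format. Rows are assumed to be in capture order.
# Only .137 = MyHumps-PC is stated in the report; the other two pairings are assumed.
SAMPLE_CSV = """src_ip,src_mac,hostname,dst_ip,dst_port,host_header
192.168.204.139,000C2961C189,Rocketman-PC,93.184.216.34,80,example.com
192.168.204.137,000C299DB86D,MyHumps-PC,185.14.30.113,80,col.reganhosting.com
192.168.204.137,000C299DB86D,MyHumps-PC,168.235.69.248,22780,epzqy.iphaeba.eu
192.168.204.146,000C29FCBC2E,WorkStation6,93.184.216.34,443,example.com
"""

# Ports where HTTP/HTTPS is expected; a request elsewhere is worth a second look.
STANDARD_HTTP_PORTS = {80, 443, 8080, 8000, 8443}

def load_requests(text=SAMPLE_CSV):
    """Parse the CSV into one dict per HTTP request."""
    return list(csv.DictReader(io.StringIO(text)))

def hosts_by_ip(rows):
    """Map each source IP to its (hostname, MAC), as in the report's first two steps."""
    return {r["src_ip"]: (r["hostname"], r["src_mac"]) for r in rows}

def sites_by_ip(rows):
    """The set of Host headers each source IP requested."""
    sites = defaultdict(set)
    for r in rows:
        sites[r["src_ip"]].add(r["host_header"])
    return dict(sites)

def flag_nonstandard_ports(rows):
    """Requests sent to a port not normally used for HTTP: (src_ip, host, port)."""
    return [(r["src_ip"], r["host_header"], int(r["dst_port"]))
            for r in rows if int(r["dst_port"]) not in STANDARD_HTTP_PORTS]

def likely_redirect_chain(rows):
    """Pair each flagged request with the same host's preceding request,
    the candidate redirect that led to it: (src_ip, previous_host, flagged_host)."""
    chains = []
    last_seen = {}  # src_ip -> Host header of that host's previous request
    for r in rows:
        if int(r["dst_port"]) not in STANDARD_HTTP_PORTS:
            chains.append((r["src_ip"], last_seen.get(r["src_ip"]), r["host_header"]))
        last_seen[r["src_ip"]] = r["host_header"]
    return chains
```

On the sample data this flags only 192.168.204.137's request to epzqy.iphaeba.eu on port 22780, preceded by col.reganhosting.com, matching the conclusion of the report.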

