Posts

Showing posts from 2018

Email Header Analysis

If we go to the Spam folder, we will find emails such as one claiming to be sent by a bank, asking us to update user credentials such as the username and password. That email usually contains a link so that, once the user clicks it, they are directed to the "update" page. It is a phishing or fraudulent email sent by an attacker to steal the credentials. There are several types of phishing attacks, but for this entry I would like to talk about how to analyze the email header. If you are using Gmail, you can get the email header by clicking Show Original. An email consists of 3 elements: the envelope, the header(s), and the body of the message.

Sample fraud email:

Email Header
---------------
The header contains the "name" and "address" of the sender, the recipient and anyone who is being copied, the "date" and "time" the mail was sent and the "subject" of the mail. The header exists mainly for the computer to route mail to you.

Malware Analysis: Dynamic Analysis

Dynamic analysis is any examination performed after executing malware. This technique requires the analyst to execute the malicious code in a virtual machine in order to observe what changes it makes to the operating system. Based on the observed changes, we try to figure out how the malware works and what the indicators of system infection are. Behavioral analysis will cover the following topics:

· Detecting new process creation
· Detecting file system and registry changes
· Detecting rootkit artifacts using GMER
· Analyzing in-memory strings
· Monitoring system events

1. Preparing the analysis
Set up a clean Windows machine and take a snapshot of it as the clean version. Install tools such as Regshot, Process Explorer, Process Monitor, etc. on the Windows machine. Then use INetSim, installed on a Linux machine, to simulate common Internet services. After running INetSim, start the following tools: Process E