Wednesday, July 02, 2008

Analysis Question

Didier Stevens recently posted a Python script that will create a .VBS script with an embedded executable. This kind of reminds me of the stories about MIT in the late '60's, when the freshmen would try to crash the server, and the admins wrote the "servercrash" script...to sort of remove the mystery and ability to claim bragging rights from the whole mess.

Didier's script presents an interesting opportunity...what would you look for if you were analyzing a system and trying to determine if something like this had been used? Any thoughts? Grab the Python script, maybe install ActivePython, and see what you come up with...