Hi all,

  We've developed a Wireshark plugin that will allow you to view obfuscated 
pcaps of traffic from a Mariposa infected client and actually decrypt them 
within Wireshark. The software is available to all as open source software 
under the GNU GPL license. We hope that it helps in doing further investigation 
and research into the Mariposa botnet.
  Special thanks to Defence Intelligence for their analysis on Mariposa.

  You can get more information for this tools on our blog at

http://www.paloaltonetworks.com/researchcenter/2009/10/mariposa-tool/

  You can also get the source code and a Windows DLL from the google code at

http://code.google.com/p/botnetdecoding/


Thanks,
M.Yanagishita

Reply via email to