Hello Mark, > If I MD5 the collection of questionable files, is there a database I can > cross-reference my MD5's against to authoritatively identify what these > things are? Please have a look at RootkID <http://rk.cyberabuse.org/>. Their database is available in the download section. However, they use SHA1 instead of MD5. HTH, Andreas ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jan 23 2003 - 03:27:07 PST