Malicious Software Sample Collection System (MSSCS – Version 1.1) User Manual
User Manual (Q&A)

Contents
1. What is MSSCS?
2. Why MSSCS?
3. What machine can MSSCS be installed on?
4. How to install and configure MSSCS?
5. What can I do?
6. To back up your database in the server…
7. Errors!!!
8. Any Questions?

1. What is MSSCS?
MSSCS (Malicious Software Sample Collection System) consists of client software and server software with a database. The client records the incoming packets at the gateway, assembles these packets into binaries and sends them to the server, where they can undergo further analysis.
Tips: We provide both English and Chinese instructions in some significant parts.
2. Why MSSCS?
MSSCS not only realizes the basic functions required, but also provides extended functions for convenient and comfortable use, and advanced features for security reasons.
With MSSCS’s basic functions, you can:
A. collect files, analyze their information and send them to the server (client side, runs in the background);
B. receive the collected files and their information and store them (server side, runs in the background);
C. watch the statistics reports and history lists (interacts with the user).
MSSCS simplifies your operation with its extended functions:
A. Keyboard shortcuts: both Alt + underlined letter to operate the menu and Ctrl + function shortcuts (noted on the right side of each menu item).
B. Tab key control and default keys: when you fill in forms, you can finish the whole procedure from the keyboard, in case the mouse does not work;
C. checking the packet flow on the client whenever you want;
D. two history lists, in which all the information in the database is shown and can be searched by item, so experienced administrators can inspect a new kind of malicious code in detail.
With MSSCS’s exciting advanced features, you can:
A. set multiple administrators and their passwords, so MSSCS ensures no unrelated people can access the file information;
B. change the directory the samples are saved to, so you need not worry that the C drive fills up with file samples;
C. search the whole file records and packet records with any keyword in the database; (Upcoming soon)
D. stop worrying that the assembled code will damage your server machine: the files are renamed with the suffix .dat;
E. identify protocols that can transport files through multiple ports;
F. analyze the file format even if the file has been renamed with a different suffix (realized in FileAnalysis.rar, not included in the MSSCS project);
G. back up your database automatically or manually; (Upcoming soon)
H. identify a file uniquely: MSSCS uses a hash algorithm to get the hash value of a file, and once a file is changed even by a single byte, its hash value changes. (Upcoming soon)
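The .dat renaming (D), suffix-independent format analysis (F) and hash identification (H) above all apply at sample intake; the following Python is an added illustration, not MSSCS code, and its magic-byte table, directory layout and sample bytes are constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed magic-byte table: the format is read from the leading bytes,
# so a sender renaming "payload.exe" to "invoice.txt" changes nothing here.
MAGIC = [
    (b"MZ", "exe"),
    (b"PK\x03\x04", "zip"),
    (b"%PDF", "pdf"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF8", "gif"),
    (b"\x7fELF", "elf"),
]

def sniff_type(data: bytes) -> str:
    """Identify the file format from its leading bytes, ignoring the suffix it carried."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return "unknown"

def sha256_hex(data: bytes) -> str:
    """Unique identifier for a sample: any one-byte change gives a different digest."""
    return hashlib.sha256(data).hexdigest()

def store_sample(samples_dir: Path, original_name: str, data: bytes) -> dict:
    """Write an assembled sample as <sha256>.dat and deduplicate on the digest.
    The .dat suffix only stops an accidental launch via file association; the bytes
    themselves are unchanged, so the Samples folder is still live malware."""
    samples_dir.mkdir(parents=True, exist_ok=True)
    digest = sha256_hex(data)
    target = samples_dir / f"{digest}.dat"
    is_new = not target.exists()
    if is_new:
        target.write_bytes(data)
    return {"original_name": original_name, "type": sniff_type(data),
            "sha256": digest, "path": target, "new": is_new}

def demo_intake() -> list:
    """Run the intake over three constructed samples in a throwaway Samples directory."""
    samples_dir = Path(tempfile.mkdtemp()) / "Samples"
    pe = b"MZ\x90\x00" + b"\x00" * 60          # constructed PE-like header, not a real binary
    return [
        store_sample(samples_dir, "invoice.txt", pe),               # renamed, still detected as exe
        store_sample(samples_dir, "invoice.txt", pe),               # identical bytes: deduplicated
        store_sample(samples_dir, "photo.jpg", pe[:-1] + b"\x01"),  # one byte differs: new digest
    ]
```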
3. What machine can MSSCS be installed on?
Hardware Configuration Requirement
- Pentium-IV class machine with 512MB RAM
- 17-inch or larger SVGA monitor, 1024×768 @ 85Hz or above (after the initial setup, the client can work without a monitor)
- Mouse and keyboard
- Network card
Software Environment
Windows® XP Professional SP2 + MSDE®
4. How to install and configure MSSCS?
Where is MSSCS installed and where are the file samples saved?
With the default settings, the MSSCS server is installed in C:\CCAMS\Server and the client in C:\CCAMS\Client.
The collected samples are saved in C:\CCAMS\Server\Samples. If you change the installation directory, the samples are by default saved in the Samples folder under that directory. For example, if you install the server in E:\YourDirectory, the samples are saved in E:\YourDirectory\Samples.
Getting started on Server!
Open the server software and log in with the default user Administrator and password neustar.
Then you can see the MSSCS interface (the task bar has an MSSCS icon; the client has one too).
Click Start to begin listening for the client.
Getting started on Client!
To connect to the server, the client must be configured with the address of the server it connects to.
Then you can see it working successfully.
The client shows the captured traffic for the different protocols: POP3, HTTP, FTP and SMTP.
To change the administrator’s password or add an administrator …
Upcoming soon…
5. What can I do?
Since the main functions work in the background, the administrator's daily work is only to watch the reports the server produces. In Report on the menu bar you can choose five kinds of reports and two history lists (showing the whole table in the database, with records searchable by item); they help you visualize the statistics of the sample collection from various aspects:
Protocol Distribution
The Protocol Distribution report counts the numeric proportion of packets transmitted with each protocol among all the packets collected.
File Type Distribution
The File Type Distribution report counts the numeric proportion of each file format among all the samples collected.
Samples Distribution
The Samples Distribution report counts the number of samples distributed across different hosts in time order.
Hotspot Graph
The Hotspot Graph report shows the hosts that contain widespread samples and the transmission routes of the samples.
Attack Diagram
The Attack Diagram shows each widespread sample's spreading route, with the time elapsed between every two nodes.
Extended View Function on Client
Though the client can work in the background, we also provide extended functions for the user to view real-time information about packet collection on the client. The functions are listed below:
A. The centre of the screen shows the information of the packets currently collected.
B. By clicking a scrolling packet entry with the mouse, the user can see the corresponding hexadecimal and character information below it.
C. After selecting an entry, the user can right-click and choose 复制 (Copy) to copy the source IP and destination IP to the clipboard.
D. At the bottom of the window we provide a filter to simplify operation. The user can decide which packets to watch by editing some rules; for example, to watch only the packets through port 80, he need only enter 80 in 端口 (Port).
E. MSSCS provides a saving function: when the client successfully connects to the server, it keeps both the IP and the port in set.ini under the MSSCS setup directory. (Upcoming soon…)
F. If too much data is shown, the user can clear it with 清除记录 (Clear Record).
6. To back up your database in the server…
MSSCS provides a backup function in the server. You can back up your database manually or automatically.
To Manually Backup…
Choose Tools->Backup Database->Manually Backup. In Setting the Backup Directory, browse to the directory for the backup and type the name of the backup file; you can choose the suffix .bak or .mdf.
To Automatically Backup…
Choose Tools->Backup Database->Automatically Backup->New Backup Task, then configure the task in the Setting frame in the following order:
1. in Setting the Backup Directory, browse to the directory for the backup (we strongly recommend you use New Folder to create a new folder for the backup files);
2. in Backup Files Type, choose .bak or .mdf to determine the format of the backup files;
3. in Backup Time, you have three choices:
a) Every Day
b) Every Week->Sunday…Saturday (you can choose any weekday in the Every Week option)
c) Every Month->Day (you can choose any day of the month; if a month does not have the day you chose, the backup is skipped that month and follows the next month's setting. For example, if you choose Every Month with day 30, no backup is made in February but one is made on March 30).
After these settings, MSSCS automatically backs up the database into the directory you chose, named with the backup date and time (format: YYYY-MM-DD_hh-mm-ss.suffix).
Tips: to add Multiple Tasks
Choose New Backup Task and follow steps 1 to 3 again to add a different time to the Automatically Backup schedule.
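The three Backup Time options, the month-skip rule and the YYYY-MM-DD_hh-mm-ss.suffix file name, worked through as an added Python example that is not MSSCS code; the task dictionaries and the sample schedule are an assumed representation constructed for the example.

```python
from datetime import date, datetime, time, timedelta

VALID_SUFFIXES = ("bak", "mdf")   # the two formats offered in Backup Files Type

def backup_filename(when: datetime, suffix: str) -> str:
    """Name a backup file as the manual describes: YYYY-MM-DD_hh-mm-ss.suffix."""
    if suffix not in VALID_SUFFIXES:
        raise ValueError(f"unsupported backup suffix: {suffix}")
    return f"{when:%Y-%m-%d_%H-%M-%S}.{suffix}"

def _matches(task: dict, day: date) -> bool:
    """Does this calendar day fall on the task's Backup Time setting?"""
    mode = task["mode"]
    if mode == "day":                       # Every Day
        return True
    if mode == "week":                      # Every Week -> Sunday ... Saturday
        return day.strftime("%A") == task["weekday"]
    if mode == "month":                     # Every Month -> Day
        # A month without the configured day (30 in February) never matches, so the
        # run is skipped and the next month that has that day is used instead.
        return day.day == task["day"]
    raise ValueError(f"unknown mode: {mode}")

def next_backup_time(task: dict, after: datetime) -> datetime:
    """First scheduled run strictly after `after`; a day-by-day scan suffices."""
    at = time(task["hour"], task["minute"])
    day = after.date()
    for _ in range(400):                    # longest real gap (day 31 over a short month) is far less
        candidate = datetime.combine(day, at)
        if candidate > after and _matches(task, day):
            return candidate
        day += timedelta(days=1)
    raise RuntimeError("no run found within 400 days")

def next_backup_any(tasks: list, after: datetime) -> tuple:
    """With several tasks on the schedule, return (run time, task) of whichever fires first."""
    return min(((next_backup_time(t, after), t) for t in tasks), key=lambda pair: pair[0])

# Constructed sample schedule: one task of each kind, all at 02:00.
SAMPLE_TASKS = [
    {"mode": "day", "hour": 2, "minute": 0},
    {"mode": "month", "day": 30, "hour": 2, "minute": 0},
    {"mode": "week", "weekday": "Sunday", "hour": 2, "minute": 0},
]

def demo_schedule() -> dict:
    """Evaluate the sample schedule from a constructed moment: 2024-01-30 03:00, just past the 02:00 slot."""
    now = datetime(2024, 1, 30, 3, 0, 0)
    result = {t["mode"]: backup_filename(next_backup_time(t, now), "bak") for t in SAMPLE_TASKS}
    result["first"] = next_backup_any(SAMPLE_TASKS, now)[1]["mode"]
    return result
```

The monthly task reproduces the manual's own example: from 30 January the next run lands on 30 March, because February has no day 30.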
To Recover Database with Backup File…
If your system or your disk suffers a disaster, you can recover your database from the backup file:
Choose Tools->Recover Database; in Backup File Directory, click Browse and choose a backup file (MSSCS supports .bak and .mdf files), then click OK and your database is recovered from the backup file. (The database is located in the setup directory, so the backup file is not altered and can be used for the next recovery.)
7. Errors!!!
Although we have tested the network resources MSSCS occupies, we still provide an error-proof scheme just in case. If an error happens, you can click File->pause to stop file collection at the server (the client still sends files and messages to the server, and the server will receive them after it is started again). Or you can choose File->stop to stop both the server and the client.
8. Any Questions?
Please visit our Online Help: http://www.MSSCS.com/OnlineHelp, where you can check the updated Q&A and download update patches. To give suggestions or complaints, please post on our BBS: http://www.MSSCS.com/BBS
For further technical support, please call +86-138-9799-5301 or email imtoffee@gmail.com.