Forensic Challenge: Help stop the Sbuxnet trojan!

This is a fun forensic challenge created originally for NYU's CSAW Capture the Flag Finals event. The story behind the challenge, along with additional forensic challenges, was also used for ACSAC's Tracer Fire class. Now I'm hosting both the forensic image and the command and control server on the net so anyone can play.

Begin here: [] (the challenge is over, thanks to those who played!)

Tools / Techniques / Skills involved:

  • Filesystem forensic analysis
  • Email forensics and cryptographic tools
  • Python, small bit of source code analysis
  • Filetype header analysis, image forensics
  • Minor HTML/HTTP understanding
  • Patience, etc...

Rating: PG-13, use of foul language, simulated violence.

The challenge is a bit lengthy, but there are several videos along the way to keep you amused as you come closer and closer to stopping a hideous trojan. There are no prizes for solving the challenge, but so far no one has completed it 100%. If you believe you've solved the challenge and stopped the trojan, email me at and if you're correct I'll add your name to this post proclaiming you victorious!

Update: Johannes Gumbel was the first to solve the challenge!

Also, if you find any part unnecessarily difficult or broken, please let me know! Have fun!