Schneier on Security
A blog covering security and security technology.
August 8, 2006
Malware Distribution Project
In case you needed a comprehensive database of malware.
Malware Distribution Project (MD:Pro) offers developers of security systems and anti-malware products a vast collection of downloadable malware from a secure and reliable source, exclusively for the purposes of analysis, testing, research and development.
Bringing together for the first time a large back-catalogue of malware, computer underground related information and IT security resources under one project, this major new system also contains a large selection of undetected malware, along with an open, collaborative platform, where malware samples can be shared among its members. The database is constantly updated with new files, and maintained to keep it running at an optimum.
There are currently 271712 files in the system.
This isn't free. You can subscribe at 1,250 euros for a month, or 13,500 euros a year. (There are cheaper packages with less comprehensive access.)
They claim to have a stringent vetting process, ensuring that only legitimate researchers have access to this database:
It should be noted that we are not a malware/VX distribution site, nor do we condone the public spreading and/or distribution of such information, hence we will be vetting our registrants stringently. We do appreciate that this puts a severe restriction on private (individual) malware researchers and enthusiasts with limited or no budget, but we do feel that providing free malware for public research is out of the scope of this project.
EDITED TO ADD (8/8): The hacker group Cult of the Dead Cow also has a malware repository, free and with looser access restrictions.
Posted on August 8, 2006 at 7:56 AM
• 12 Comments
@PJ: "I like how they 'nicely' let you share your malware with other customers via their 'collaborative platform'... thereby co-opting their customers' contributions into making them more money."
(1) At least they are not spreading it
(2) Keeping it within a paying circle of select customers
If this culminates in a bigger, better DB that also
(3) Makes them more money
What is wrong with that piece of Capitalism?
computer virus libraries have been attempted in the past by several people to varying degrees of success. these two latest projects, MD:Pro and OffensiveComputing, are so far more successful than many of the other efforts over the years.
when looking at why such a library exists, the following are often cited as reasons: first, it's a place where someone can test their AV product against a set of samples. second, it's useful for teaching reverse engineering. third, it can be useful for analyzing trends, either over time or even in bulk. these are just a few of the reasons that come to mind immediately.
however, there's a potential pitfall with such a library when it's run by someone with whom you don't have any experience or any trust. you have to ensure (if you're building an AV tool) that these samples represent the actual samples you'll encounter in the wild. if you're studying trends, you have to ensure that the data set is made up of actual malware that represents the population you wish to study. and lastly, you have to ensure that access is restricted to maintain integrity (ie deletions) and to keep your responsibility (ie not infecting the world with some malicious code).
to date, i don't know if the AV community (which has very stringent rules on this sort of thing, too stringent for some) has had these and all criteria for a malicious code "zoo" satisfied. i do not pretend to speak for them, but i do wish to raise some of the points that naturally arise when researchers think about data sets and repositories of such beasts.
i like the efforts and even know one of the people behind one of them, but it's important to put it all in perspective.
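The integrity point raised in the comment above (keeping a sample repository's contents from silently disappearing or changing under you) is the kind of thing a hash manifest covers. The following is an added example, not code from the post, its commenters or MD:Pro: it builds a SHA-256 manifest over a constructed directory of harmless placeholder files, then re-verifies the directory and reports files that were removed, added or modified. The directory layout, file names and contents are all constructed for the demonstration.

```python
"""Integrity manifest for a sample corpus (constructed example, not MD:Pro code)."""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large samples do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative, '/'-separated) to its SHA-256 digest."""
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_manifest(root: Path, manifest: dict) -> dict:
    """Compare the directory's current state against a previously saved manifest.

    Deletions show up as 'removed', unvetted additions as 'added', and any
    sample whose bytes no longer match its recorded digest as 'modified'.
    """
    current = build_manifest(root)
    removed = sorted(set(manifest) - set(current))
    added = sorted(set(current) - set(manifest))
    modified = sorted(
        name for name in manifest.keys() & current.keys()
        if manifest[name] != current[name]
    )
    return {
        "removed": removed,
        "added": added,
        "modified": modified,
        "ok": not (removed or added or modified),
    }


def demo() -> dict:
    """Build a tiny constructed corpus, snapshot it, tamper with it, re-verify."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "family_a").mkdir()
        (root / "family_a" / "sample1.bin").write_bytes(b"constructed placeholder sample 1")
        (root / "family_b").mkdir()
        (root / "family_b" / "sample2.bin").write_bytes(b"constructed placeholder sample 2")

        manifest = build_manifest(root)
        # A manifest would normally be stored outside the corpus; here it stays in memory.
        saved = json.loads(json.dumps(manifest))
        assert verify_manifest(root, saved)["ok"]

        # Simulate the failure modes the check is meant to catch.
        (root / "family_a" / "sample1.bin").unlink()                       # deletion
        (root / "family_b" / "sample2.bin").write_bytes(b"tampered bytes")  # modification
        (root / "family_b" / "sample3.bin").write_bytes(b"unreviewed file") # addition
        return verify_manifest(root, saved)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Storing the manifest separately from the corpus (and signing it) is what turns this from a consistency check into an integrity control; the example keeps it in memory only so that it runs stand-alone.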
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.