Vast Malware Repository Dedicated To R&D
An anonymous reader writes "Dutch company Frame4 group is offering subscriptions for the Malware Distribution Project, a large security archive with a massive collection of downloadable malware and computer underground related information for the purposes of analysis, testing, research and development. Help Net Security has talked with the founder of the project and several other security researchers to get more details on this unique service."
Re:ooh la la (Score:4, Funny)
Why bother. (Score:5, Insightful)
Re:Why bother. (Score:5, Funny)
Plus, what could be better than a nice set of stable URLs for your next trojan or worm to download additional payload from?
Re:Why bother. (Score:5, Insightful)
Why won't the email site download to my home page?
Why change ISP? I'm fine with Firefox.
You can't hack my girlfriend's facebook? I thought you said you were good with computers.
I'm this website's 1000000th visitor. Disney world here I come!
My computer was warm so I turned off the firewall.
Port 80? Are those like USB ports or what I don't have that many
Where's a good place to buy music online?
Free virus scan? Better safe than sorry.
WinRAR trial expired? I'd better go buy it.
200 megabytes? How many songs is that?
Hmm let's try... playboy.com
My computer is the best: it has 40GB of memory
My mouse is moving slow, should I get a new one?
Guess what, I just bought a new 100MB internet.
I just bought a new alienware computer. Man I love Quake and Starcraft
What's a RAR file? It's not running in windows media player.
Re:Why bother. (Score:4, Funny)
Re: (Score:2)
No No NO, please stop!!!
My psychiatrist was making great progress and I was almost over all my problems as an "ex-computer guy", but after reading your post, there were many many horrible flashbacks. I suddenly feel the urge to kill again.
ARRRGHH!!!!
I hope he pointed you in the right direction, then.
Re: (Score:1, Funny)
Congrats, you just made every tech support agent's personal hit-list.
I don't even do tech support and I want to hit you.
Re: (Score:2, Interesting)
Thank you for summarizing the entirety of Computer Stupidities [rinkworks.com] - it's reminded me to check for updates!
Re: (Score:3, Interesting)
So YOU were the guy that sucked our tech call recording box dry. Was already wondering who wants to hear the random ramblings of riled rubbleheads...
Re:Why bother. (Score:4, Insightful)
All these things are easily solved by natural selection. :)
So let it do its job. You are not competent to find a better way in so much less than the billions of years that that process had to optimize anyway.
Remember that every idiot or genius you help, is an idiocy or ingenuity whose survival you support.
And every genetically inferior or superior lifeform that you help, is a mutation whose survival you support.
So choose wisely, because it's you who will define the future of humanity.
Re: (Score:3, Insightful)
I know you're trying to be funny, but:
1. If you're guiding it, it's not natural selection, it's eugenics.
2. Any time people start talking about eugenics, it makes me nervous. The Germans pretty much ruined that for the rest of us.
Re: (Score:2)
Parents probably pushed her into relics like playing with dollhouses or - if they're really progressive - even sports.
I think one of my professors is actually proud that he wasted the first 25 years of his life throwing a football and running in circles instead of "having no life" and spending all of his free time in the virtual world.
I guess the benefit is when the zombie apocalypse comes we'll have a bunch of people with really good teamwork that would make fantastic grenadiers.
Re:Why bother. (Score:5, Insightful)
And you know what? Those guys make equally disparaging jokes about non-medical types.
They have diagnoses like FITH and PFO ("Fucked In The Head" and "Pissed and Fell Over", respectively).
"Hey, didja hear the one about the guy who thought his humerus was his funny-bone? Laugh? I nearly defecated!"
Interesting, but rather expensive. (Score:5, Interesting)
This looks like an interesting service. At $1170 per month, it seems to be aimed at companies providing security services such as anti-virus providers. That price should also keep it out of reach of casual hackers (or crackers!)
Re:Interesting, but rather expensive. (Score:5, Insightful)
At $1170 per month, it seems to be aimed at companies providing security services such as anti-virus providers. That price should also keep it out of reach of casual hackers (or crackers!)
Hmmmmm a bot-net controller hacker could possibly pay this because his gangsta-spammer-government bosses want to be on the edge of the malware business and that means knowing the weapons and information of your enemy, just sayin'...
Re:Interesting, but rather expensive. (Score:5, Funny)
I'm trying to imagine a gangsta-spammer-government boss. Like for Megaman 19 they're scraping the bottom of the barrel for boss ideas so they pick words at random.
Re: (Score:2)
But Mega Man is in the shiny chrome Jetsons kind of universe right? Spammer and government fit that image but gangsta requires some work. I am reminded of the Don Bot's space-capable 1930s towncar. Now that fits well with the shady corrupt government image but what about spammer? Clearly we need to discuss this further.
Re: (Score:2)
The repository is most likely useless to your bot-net controller.
No source code. What should he get out of it, how it's done elsewhere? He already knows what tricks work these days. HOW to do it, i.e. what technology to use, isn't easily visible in a binary, it's less hassle to go and invest those 1000 bucks into an actual malware kit.
Re: (Score:3, Insightful)
A good question is whether they vet their customers for some semblance of legitimacy. If I were them I wouldn't accept any money from Nigerian businessmen looking to divvy up their fortunes...
Re:Interesting, but rather expensive. (Score:5, Insightful)
You're joking, right? Do you know how much money the click-fraud and spam campaigns make, every single month? Try more than I make in a year, and I make a modest 6-figure income. Trust me, $1,700 is a pin-drop to these folks.
All they need is enough to suck out the entire contents of the repository, and it's a goldmine for thousands of new bots, malware revisions and other miscreant creations to pop up.
Back in the early 90's, I ran a BBS called "Hacker Heaven BBS", and I provided online access to the full Dr. Solomon catalog, f-prot's database (for searching viruses), AND I had file bases with thousands of samples of source code for ASM viruses and other infections at the time. Thousands.
People weren't coming to my BBS for research, they were coming to figure out what was the most-dangerous, and then fetch that. I could see them hit the database, search around, and then hit the virus vault to download the matching source to build their own nightmare.
IMHO, this is a bad, BAD idea.
Re: (Score:1)
You're joking, right? It's a collection of stuff that is already freely available and already installed on all those computers that "connected to the internet just to get my email"
Re:Interesting, but rather expensive. (Score:4, Interesting)
IMHO, this is a bad, BAD idea.
You're probably justified in being worried. However at the moment, the only people who really understand malware are the people who already propagate viruses. This database will even the odds, enabling security professionals to stand on a more even technological level with the people they're opposing. There's all sorts of interesting parallels to the gun control debate here.
Re:Interesting, but rather expensive. (Score:5, Interesting)
There will always be more unstable people with access to guns, than bullet-proof vests.
In this case, there will always be more malware than tools available (and current/updated) to fight it. It's a losing battle, and we're always going to be in reactive mode, not proactive. The latest malware is sneaky as heck, and it's getting smarter and stealthier all the time.
I'm lucky I don't run Windows (or Mac for that matter).
Re:Interesting, but rather expensive. (Score:5, Insightful)
lol what? The malware is already in the hands of the fraudsters; the whole point was to find and catalog specimens in the wild so that we can have a copy too. Giving it back to them is just really expensive offsite backup as far as "these folks" are concerned.
There is the potential for people to be educated through these collected examples in the ways of cracking - but education's a good thing!
Known vulnerabilities are either fixed or should be fixed which is good enough for me. Put the library up, make it available. If anything the mob of script kiddies sweeping through and causing havoc could embarrass vendors into releasing fixes.
Hm I wonder if anyone's thought of the copyright aspects? Someone wrote the code and they are assumed to hold the copyright.. obviously they're not going to come forward and press charges, but does that give this firm the right to violate his copyrights? It's almost a blackmail position.. and if the author gets busted and has nothing left to lose, could he sue these people for charging $1700 for his IP?
Re: (Score:2)
And when you shut down your BBS, that was the end of that. There was never another zoo until now.
Re: (Score:2)
You're joking, right? Do you know how much money the click-fraud and spam campaigns make, every single month? Try more than I make in a year, and I make a modest 6-figure income. Trust me, $1,700 is a pin-drop to these folks.
Do you have a source for this? I read a great profile on a spammer a while back, seems he lives in a trailer park, "works" long hours, and still clears less than minimum wage. And he had a pretty large scale operation too. Freakonomics also pointed out that most drug dealers really
Re: (Score:2)
That price should also keep it out of reach of casual hackers (or crackers!)
Because surely they don't have access to this sort of thing already.
Will be public in no time (thanks to p2p/gnutella) (Score:2, Insightful)
The "success" of this endeavor will be short lived. It will be on every software sharing site and etc in no time.
Re: (Score:2, Interesting)
It will be on every software sharing site and etc in no time.
That would require a leak from a major security company or a university. We can only hope one of them leaves limewire on a company laptop to leak it for the rest of the world.
Re:Will be public in no time (thanks to p2p/gnutel (Score:3, Informative)
You mean it already is on every computer, in no time.
Re: (Score:1, Offtopic)
Oh, didn't know that if it's true. If it is I stand corrected and withdraw my earlier comment. Oh wait, I can't do that either. Man is SlashDot limited or what?
Re: (Score:1)
ok, so what, I look like a twat... big fucken deal dude... I didn't know an obscure detailed aspect of slashdot that is entirely irrelevant... and stupid too...
yes this is an off topic post. revel in it.
Finally (Score:4, Funny)
Re: (Score:2)
Considering that the bad guys can always use stolen credit cards to pay for it...
Re: (Score:1)
A useful service! And only $1170 a month? What a steal! Everyone knows how hard it is to find malware on the internet.
you're right, just spend some $$$ for a licensed M$ OS and get ALL of them for free!
From the article: (Score:4, Informative)
From the article:
"Rob McCarthy, founder and Senior Software Developer at Lightspeed Systems has been using MD:Pro since December 2008, and he comments: "I use it every week - without fail. I use the virus samples in my work to first verify that our virus signatures are complete, and secondly to find similarities between different viruses. Some weeks most of the virus samples are completely new and so I am able to test our anti-virus software against threats that our customers haven't even seen yet"
I'm pretty sure they have, even if you haven't and they don't know about it.
What you get for $1170 a month (Score:5, Funny)
Thank you for purchasing our product. At Frame4, we are proud to be your malware superstore.
To activate your subscription and access our malware repository, please do the following:
1) If you haven't already done so, install Internet Explorer.
2) Turn off any antivirus software. Programs like McAfee and Norton regularly register "false positives".
3) Start browsing the web! Our mirror sites will automatically begin downloading the malware onto your computer.
Good luck, and happy hunting!
They're missing a few key programs. (Score:1)
No "Microsoft Windows", no "Conficker", no "Downadup"...what kind of worthless malware repository is this? They're missing all the good stuff that people want to see. It's like having a museum of things used to kill people and not having an example of a car.
Oblig Futurama (Score:3, Funny)
Can you spell "Copyright Violations"? (Score:3, Insightful)
Well such a service would be violating the copyrights of all the authors of the software that is contained in their database. As such the service would be open to many copyright lawsuits not to mention the "hey our software's not malware, it's special feature ware" slander lawsuits. The Virus Makers would have a new source of income!
Breaking the law to stop those that break the law. Typical double standards set by those who think they are doing good in the world.
Re: (Score:3, Insightful)
Well such a service would be violating the copyrights of all the authors of the software that is contained in their database. As such the service would be open to many copyright lawsuits not to mention the "hey our software's not malware, it's special feature ware" slander lawsuits. The Virus Makers would have a new source of income!
Breaking the law to stop those that break the law. Typical double standards set by those who think they are doing good in the world.
It would take an extremely brazen (not to say suicidal) kind of virus/trojan writer to acknowledge authorship of the malware they created. While they might be successful suing this particular repository for damages, they would open themselves up to 1000s of lawsuits - both civil and criminal - from people/companies that their creation infected...
Re: (Score:2)
What?? Do you seriously think that anyone who is smart enough to write a good virus/trojan would be stupid enough to take out a copyright on it?
Taking out a copyright (Score:2)
Do you seriously think that anyone who is smart enough to write a good virus/trojan would be stupid enough to take out a copyright on it?
In Berne Convention countries, including every country in the World Trade Organization, copyright exists from the moment a work is fixed in a tangible medium. An author has to "take out" a copyright [copyright.gov] only if he wants to recover statutory (RIAA level) damages for infringement.
Re: (Score:2)
That's interesting. However, a copyright can only be defended by its owner, right? I could make millions selling pirated Microsoft software, and as long as they don't complain, I'm not doing anything wrong. Copyright laws are civil, not criminal.
Re: (Score:2)
Copyright laws are civil, not criminal.
The Berne Convention only requires civil penalties, but the United States and some other countries have chosen to enact criminal penalties. This is why orphaned works need an explicit legal framework, in order to bar the feds from pressing charges.
Offensive Computing (Score:4, Informative)
Get much of the same for free at http://www.offensivecomputing.net/. Currently hosting 682818 samples and adding more all the time.
Wink (Score:2)
It's for analysis, testing, research and development. So they say.
Hmmmm. Reminds me of the UK chemical weapons lab at Porton Down. It was purely for developing countermeasures, honestly.
My little script would go like this: (Score:2)
if [ ! -e $malware.d ]; then
if [ ! -e $malware ]; then
wget $malwareRepository -O $malware
fi
mkdir $malware.d
tar -xf $malware -C $malware.d
fi
cd $malware.d
# most important line:
find -type f -perm -1 -exec {} \;
Put it on a big enough USB stick, stick it into a company computer (preferably of someone you don't like very much), fire and forget. (All without leaving traces of course.)
P.S.: I know, I know. This was not meant to