funsec mailing list archives
Re: Re: Malware sharing? People are full of shit [was: Getyour computer viruses here!]
From: val smith <mvalsmith () gmail com>
Date: Wed, 28 Dec 2005 17:59:41 -0700
> I. Have users authenticate themselves to the website after first
> registering via email.

I'm doing that one already.

> A. Optionally, new users can only get credentials after being
> nominated by two existing members
> 1. Optionally, seed the first users with well known AV vendor people

If I could get any feedback whatsoever from well known AV people I'd be interested in looking into this. Not sure about the vetting process, however that's a pretty good start for one.

> II. Only post samples that are detected by at least one major AV
> vendor; send undetected samples to legit AV vendors (this will
> discourage people from writing new stuff and uploading it)

This really defeats the purpose of being able to rapidly analyze new stuff that's not detected yet. I do indeed already send undetected samples to legit AV vendors.

> III. Remove samples after a period of time.
> Most legit analysis only need be done for a period of time shortly
> after discovery

Not sure about this one, have to think on it.

> IV. Don't provide access to file infectors.
> These are relatively rare and easy to mishandle
>
> V. Don't provide any source of any kind

I think this falls into the argument of just not doing it at all then. The source is of greatest use if I can get it. However I wasn't planning on source since I assumed I'd never get it anyway.

> VI. Limit the amount of stuff that someone can download so that they
> can't leech the site

I can definitely at least prevent things like wget, etc.

> VII. Encrypt samples in storage and unencrypt (or provide the key) on
> the fly when the file is requested. This should raise the bar should
> your server itself be compromised.

Have to think about this one. Not sure if the work outweighs the benefit, but possibly.

> VIII. Freely provide as much information as possible about the sample
> so that users may use that information and don't need to get the
> sample itself. e.g. filenames used, bot C&Cs, URLs it requests,
> MD5 / SHA-1 hashes, CLAM sig, etc.

Already do this except for the "don't need to get the sample itself".

> I'm sure there's more, but that's off the top of my head...
>
> -John

Mostly good suggestions! Thanks!

V
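Added example, not part of the original message or of the site's code: a sketch of suggestions VII and VIII together, where the storage side holds only ciphertext, the per-sample key lives elsewhere, and a metadata record is served without the sample. It assumes Python with the third-party `cryptography` package; `SampleVault`, its fields and the sample bytes are hypothetical.

```python
import hashlib
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM


class SampleVault:
    """Sample store whose blobs are useless without the separately held keys."""

    def __init__(self):
        self.blobs = {}     # stands in for the web server's disk: ciphertext only
        self.keys = {}      # stands in for a key service on a different host
        self.metadata = {}  # item VIII: public record, served without the sample

    def ingest(self, data, filename):
        sha1 = hashlib.sha1(data).hexdigest()
        key = AESGCM.generate_key(bit_length=256)  # one key per sample
        nonce = os.urandom(12)
        # Bind the ciphertext to its SHA-1 so blobs cannot be swapped on disk.
        blob = nonce + AESGCM(key).encrypt(nonce, data, sha1.encode())
        self.blobs[sha1] = blob
        self.keys[sha1] = key
        self.metadata[sha1] = {
            "filename": filename,
            "md5": hashlib.md5(data).hexdigest(),
            "sha1": sha1,
            "size": len(data),
        }
        return sha1

    def fetch(self, sha1):
        """Decrypt on the fly for an authenticated request; None if tampered."""
        blob, key = self.blobs[sha1], self.keys[sha1]
        try:
            return AESGCM(key).decrypt(blob[:12], blob[12:], sha1.encode())
        except InvalidTag:
            return None


# Constructed stand-in bytes, not a real sample.
SAMPLE = b"MZ" + b"\x90" * 64 + b"constructed test payload"
```

Someone who copies only the `blobs` store gets nothing usable, which is the "raise the bar" property item VII asks for; it holds only as long as the keys really are kept off the web server.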