funsec mailing list archives
Re: MD:Pro - Malware Distribution Project
From: Kenneth Bechtel <kbechtel () teamanti-virus org>
Date: Mon, 9 Jan 2006 14:18:55 -0500
Uhh, not to rain on your parade, but it's been tried before, and the business model had to be evolved to not doing this. There are several reasons this doesn't work.

First, I'll not go into the ethical questions; I'm sure you've heard them before, and if not, then you did no research.

Second, have you considered the legal ramifications? Not all countries see this as legal, and then there is the question of liability if someone doesn't safely handle your samples.

Third are technical issues, amongst them the fact that people in the AV industry have free access to these samples, and exchange them back and forth in a trusted secure environment, with other trusted individuals. In the odd event they don't have a sample, they can request it from other researchers or will get it momentarily from the customer, again FREE; sometimes we even get them from the Virus Author themselves.

Next, how are you going to ensure the quality of your samples? Are you going to take the time to vet them before making them available to your "customers", you know, making sure they are replicating samples, or intended, doing adequate zoo maintenance, to not double identify a sample? I presume you'll be using honeypots and harvesting from VX sites, which AVers already do and share amongst themselves.

These are just the quick issues I thought of while typing my response. I'm sure if I think harder I could find more, but the biggest question: who are you targeting? If it's the Counter Malware developers and researchers, they already have access to this with a strong existing infrastructure and sources of samples they don't need to pay for, so why would they pay for yours?

On Monday 09 January 2006 01:37 pm, Anthony Aykut wrote:
Hi List,

For information - On 01 February 2006 we will launch our Malware Distribution Project (MD:Pro) service, which will offer developers of security systems and anti-malware products a vast collection of downloadable malware from a secure and reliable source, exclusively for the purposes of analysis, testing, research and development. For a preview of MD:Pro, please visit http://www.frame4.net/mdpro.

Bringing together for the first time a large back-catalogue of malware, computer underground related information and IT security resources under one project, this major new system will also contain a large selection of undetected malware, along with an open, collaborative platform, where malware samples can be shared among its members. The database will constantly be updated with new files, and maintained to keep it running at an optimum. MD:Pro will contain around 120.000 downloadable malware samples by the end of 2006. There are currently 6500+ files in the system (and counting).

A product of many years' research, cataloging and compilation of hard to find information, this subscription based service will be extremely attractive to anti-virus/anti-spyware manufacturers, developers of IDS/IPS systems, etc., along with large corporations and ISPs. Registrations will be limited to corporate customers only.

Key benefits are:
- A single, secure, and reliable download resource
- Vast amounts of historical data, along with the very latest malware sources
- Custom system, designed to provide maximum benefit to anti-malware research staff
- Contents updated and maintained continuously by skilled security engineers
- Systems monitored 24 x 7 for maximum possible uptime and availability
- A non-public list, made available for the purposes of analysis, testing, research & development

PLEASE NOTE - The system is currently under heavy development; we are due to go live 01 February 2006, and as such, are not accepting any registrations for now (we are keeping applications pending until then however, and will allow access after go-live). As mentioned above, registrations will be limited to corporate customers only.

Best regards,
Anthony Aykut
Frame4 Security Systems
http://www.frame4.com/
http://www.frame4.net/mdpro
Tel : +31(0)172-515901

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
--
Kenneth L. Bechtel, II
Team Anti-Virus
Phone - 717-579-9083 | WildList Reporter
P.O. Box 635, Palmyra, PA 17078 | Founding member AVIEN
E-mail - kbechtel () teamanti-virus org | Member AVAR
I can't be an impostor - I don't know what I'm doing!
PGP Footprint: 969E 2A27 3042 EE52 AEFB 6FF0 2711 9467 D38C 5C0F