funsec mailing list archives

Re: MD:Pro - Malware Distribution Project


From: Kenneth Bechtel <kbechtel () teamanti-virus org>
Date: Mon, 9 Jan 2006 14:18:55 -0500

Uhh, not to rain on your parade, but it's been tried before, and the business 
model had to be evolved to not doing this.  There are several reasons this 
doesn't work. First, I'll not go into the ethical questions; I'm sure you've 
heard them before, and if not, then you did no research.  Second, have you 
considered the legal ramifications? Not all countries see this as legal, and 
then there is the question of liability if someone doesn't safely handle 
your samples.  Third are technical issues, among them the fact that people 
in the AV industry have free access to these samples, and exchange them back 
and forth in a trusted secure environment, with other trusted individuals.  
In the odd event they don't have a sample, they can request it from other 
researchers or will get it momentarily from the customer, again FREE; 
sometimes we even get them from the Virus Author themselves.  Next, how are 
you going to ensure the quality of your samples? Are you going to take the 
time to vet them before making them available to your "customers", you know, 
making sure they are replicating samples, or intended, doing adequate zoo 
maintenance, to not double identify a sample?  I presume you'll be using 
honeypots and harvesting from VX sites, which AVers already do and share 
amongst themselves.  

These are just the quick issues I thought of while typing my response; I'm 
sure if I think harder I could find more. But the biggest question: who are 
you targeting? If it's the Counter Malware developers and researchers, they 
already have access to this with a strong existing infrastructure and sources 
of samples they don't need to pay for, so why would they pay for yours?

On Monday 09 January 2006 01:37 pm, Anthony Aykut wrote:
Hi List,

For information - On 01 February 2006 we will launch our Malware
Distribution Project (MD:Pro) service, which will offer developers of
security systems and anti-malware products a vast collection of
downloadable malware from a secure and reliable source, exclusively for the
purposes of analysis, testing, research and development. For a preview of
MD:Pro, please visit http://www.frame4.net/mdpro.

Bringing together for the first time a large back-catalogue of malware,
computer underground related information and IT security resources under
one project, this major new system will also contain a large selection of
undetected malware, along with an open, collaborative platform, where
malware samples can be shared among its members. The database will
constantly be updated with new files, and maintained to keep it running at
an optimum. MD:Pro will contain around 120.000 downloadable malware samples
by the end of 2006. There are currently 6500+ files in the system (and
counting).

A product of many years' research, cataloging and compilation of hard to
find information, this subscription based service will be extremely
attractive to anti-virus/anti-spyware manufacturers, developers of IDS/IPS
systems, etc., along with large corporations and ISPs. Registrations will
be limited to corporate customers only.

Key benefits are:

- A single, secure, and reliable download resource
- Vast amounts of historical data, along with the very latest malware
sources
- Custom system, designed to provide maximum benefit to anti-malware
research staff
- Contents updated and maintained continuously by skilled security
engineers
- Systems monitored 24 x 7 for maximum possible uptime and
availability
- A non-public list, made available for the purposes of
analysis, testing, research & development

PLEASE NOTE - The system is currently under heavy development; we are due
to go live 01 February 2006, and as such, are not accepting any
registrations for now (we are keeping applications pending until then
however, and will allow access after go-live). As mentioned above,
registrations will be limited to corporate customers only.

Best regards,

Anthony Aykut
Frame4 Security Systems
http://www.frame4.com/
http://www.frame4.net/mdpro
Tel : +31(0)172-515901


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

-- 
Kenneth L. Bechtel, II
Team Anti-Virus
Phone - 717-579-9083                      | WildList Reporter
P.O. Box 635, Palmyra, PA 17078           | Founding member AVIEN
E-mail - kbechtel () teamanti-virus org      | Member AVAR
I can't be an impostor - I don't know what I'm doing!
PGP Footprint: 969E 2A27 3042 EE52 AEFB  6FF0 2711 9467 D38C 5C0F
