While it apparently takes a publicly traded Internet filtering company to come up with quite some creativity, it always comes back to the community to break through the FUD and release a PoC Malware Search Engine.
The concept is great, excluding the dark web (closed behind authentication and basic crawler-blocking approaches), but what bothers me besides all the fuss is that it's a signature-based approach taking advantage of Google's most recent crawl of the Web. 0day malware naturally remains undetected, while it's a great way to sum up the percentage of infections with known malware on different domains/hosts, given you know what and where to look for. The point to emphasize is not the binary nature of malware, but that today's malware is released under a GPL license, an issue I stated as a key factor for the future growth of malware at the beginning of 2006. I also came across an article pointing out the same problem:
"Open tools and techniques have found favor among an unlikely community. Malware writers are using open-source ideas and tools to share malicious code, collaborate, and wreak online mayhem, the security firm McAfee said in a report issued Monday. Cyber criminals are making available source code with documentation so that it can be easily modified using popular open-source project management tools like Content Versioning System (CVS), thus giving malware creation a high degree of efficiency, said McAfee’s Global Threat Report for 2006."
To keep the discussion going until I release a summary of what I've been coming across for quite a while -- tons of bot source codes available on the public Web, barely any binaries -- go through the previous posts related to this diverse topic as well.
UPDATE: eWeek has a nice article on the topic.
Malware
Malware trends - Q1, 2006
What are botnet herds up to?
Why relying on virus signatures simply doesn't work anymore?
Skype to control botnets?!
The War against botnets and DDoS attacks
Master of the Infected Puppets
One bite only, at least so far!
Look who's gonna cash for evaluating the maliciousness of the Web
The anti virus industry's panacea - a virus recovery button
No Anti Virus Software, No E-banking For You
The Current State of Web Application Worms
Web Application Email Harvesting Worm
Unknowingly Becoming a Child Porn King
Real-Time PC Zombie Statistics
Malicious Web Crawling
Agobot configuration interface courtesy of Hakin9's "Robot Wars – How Botnets Work".
Monday, July 17, 2006
Malware Search Engine