
What's needed?

So what does OC need? A lot of people have sent me tons of malware samples (awesome, thanks!), however what is really needed for OC is people who want to do cataloging, checksumming and analysis on samples. People willing to write IDS rules are needed too. If you are willing to do work uploading, cataloging and preparing samples, go for it. If you don't have any samples to work on, let me know; I have enough to keep you busy. Also feel free to add info to the samples I've already seeded the database with.

V.

What you (want) to see is what you need.

Hi,

Analysing samples by hand and writing short reports helps nobody; it binds hands, and does not help the user, nor the researcher.

I'd recommend something like this:
Get a copy of every more or less known AV scanner, and scan every file with every new signature and engine update the scanner has; store it (engine version, signature version, scanning result) in a (postgres) database.
This would allow you to:
- track the name changes
- see who calls whom what (the malware enumeration does not work yet, does it?)
- draw a timeline of when which scanner recognized which sample, using which name, and who changed the name when to what (that's why we recommend postgres)

And create a reliable way to get submissions from automated collectors like nepenthes ( http://nepenthes.sourceforge.net ); XML-RPC would allow you to check if you already know the file before getting it sent, and to add something like login credentials.

We were about to run something like that ourselves, as we collect a lot, but it turned out our time is finite. I'm willing to provide help, though.

MfG
Markus Koetter
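To make the scan-tracking idea concrete, here is an added example (it is not code from this thread, from Markus, or from the OC site). It stores one row per (sample, scanner, engine version, signature version) as he describes, then derives the two things he wants from it: the name changes a scanner went through for a sample, and a timeline of which scanner first flagged it and under what name. It also shows the "do you already know this hash?" check a collector would call before uploading. It uses an in-memory sqlite3 database instead of PostgreSQL so it runs stand-alone; the scanner names, version strings, detection names and the sample hash are all constructed, not real vendor output.

```python
"""Minimal multi-scanner result store (added example, constructed data).

Schema follows the thread's suggestion: keep every (engine version,
signature version, result) tuple rather than only the latest verdict, so
renames and first-detection dates can be reconstructed later.
"""
import hashlib
import sqlite3

SCHEMA = """
CREATE TABLE sample (
    sha256     TEXT PRIMARY KEY,
    first_seen TEXT NOT NULL
);
CREATE TABLE scan (
    id             INTEGER PRIMARY KEY,
    sha256         TEXT NOT NULL REFERENCES sample(sha256),
    scanner        TEXT NOT NULL,
    engine_version TEXT NOT NULL,
    sig_version    TEXT NOT NULL,
    scanned_at     TEXT NOT NULL,   -- ISO-8601, sorts chronologically as text
    detection      TEXT,            -- NULL means the scanner reported clean
    UNIQUE (sha256, scanner, engine_version, sig_version)
);
"""

# Constructed stand-in for a real sample hash.
SAMPLE_SHA256 = hashlib.sha256(b"constructed sample bytes").hexdigest()

# Constructed scan history: (scanner, engine, signatures, scanned_at, detection).
DEMO_SCANS = [
    ("ScannerA", "1.0", "2005-06-01", "2005-06-01T10:00", None),
    ("ScannerA", "1.0", "2005-06-03", "2005-06-03T10:00", "Worm.Generic"),
    ("ScannerA", "1.0", "2005-06-10", "2005-06-10T10:00", "Worm.Foo.a"),
    ("ScannerB", "4.2", "2005-06-02", "2005-06-02T10:00", "W32/Foo"),
    ("ScannerB", "4.2", "2005-06-10", "2005-06-10T10:00", "W32/Foo"),
]


def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def is_known(db, sha256):
    """Pre-submission check: a collector asks this before uploading a file."""
    return db.execute("SELECT 1 FROM sample WHERE sha256 = ?", (sha256,)).fetchone() is not None


def record_scan(db, sha256, scanner, engine_version, sig_version, scanned_at, detection):
    """Store one result; re-running the same engine/signature pair is a no-op."""
    if not is_known(db, sha256):
        db.execute("INSERT INTO sample VALUES (?, ?)", (sha256, scanned_at))
    db.execute(
        "INSERT OR IGNORE INTO scan "
        "(sha256, scanner, engine_version, sig_version, scanned_at, detection) "
        "VALUES (?, ?, ?, ?, ?, ?)",
        (sha256, scanner, engine_version, sig_version, scanned_at, detection),
    )


def scan_count(db, sha256):
    return db.execute("SELECT COUNT(*) FROM scan WHERE sha256 = ?", (sha256,)).fetchone()[0]


def name_changes(db, sha256, scanner):
    """Chronological list of (scanned_at, sig_version, old_name, new_name) renames."""
    rows = db.execute(
        "SELECT scanned_at, sig_version, detection FROM scan "
        "WHERE sha256 = ? AND scanner = ? ORDER BY scanned_at",
        (sha256, scanner),
    ).fetchall()
    changes, prev = [], None
    for ts, sig, name in rows:
        if name != prev:
            changes.append((ts, sig, prev, name))
            prev = name
    return changes


def first_detection(db, sha256):
    """Timeline: (scanner, when, name) for each scanner's earliest non-clean result."""
    rows = db.execute(
        "SELECT scanner, scanned_at, detection FROM scan "
        "WHERE sha256 = ? AND detection IS NOT NULL ORDER BY scanned_at",
        (sha256,),
    ).fetchall()
    first = {}
    for scanner, ts, name in rows:
        first.setdefault(scanner, (ts, name))
    return sorted(((s, ts, n) for s, (ts, n) in first.items()), key=lambda r: r[1])


def build_demo_db():
    db = open_db()
    for scanner, engine, sigs, ts, det in DEMO_SCANS:
        record_scan(db, SAMPLE_SHA256, scanner, engine, sigs, ts, det)
    # A collector re-submitting the same scan must not create a duplicate row.
    record_scan(db, SAMPLE_SHA256, "ScannerA", "1.0", "2005-06-03", "2005-06-03T10:00", "Worm.Generic")
    return db


if __name__ == "__main__":
    db = build_demo_db()
    print("known:", is_known(db, SAMPLE_SHA256))
    print("timeline:", first_detection(db, SAMPLE_SHA256))
    print("ScannerA renames:", name_changes(db, SAMPLE_SHA256, "ScannerA"))
```

The UNIQUE constraint on (sample, scanner, engine, signatures) is what makes the history trustworthy: a scanner that re-reports an old verdict cannot overwrite or duplicate it, so the timeline reflects when each signature set actually changed its mind.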

And someone should open an 'Open Discussion' forum.

cool stuff

Ok, all good ideas. I'll look into it and see what I can do. I'm having issues with the finite time problem as well. (I really need a webmaster so I can focus on the malware research, heh.)

Keep the suggestions coming!

V.

slight disagreement

I think one of the main benefits of the site is the ability to search on a checksum and get some idea of what the file might be. The hope and intention is to get to the point where new, uncategorized malware that the a/v vendors haven't made signatures for yet can be catalogued and analyzed here. There are many types of malware that a/v doesn't even address, such as some spyware, malware for non-Windows platforms, and some rootkits. However, I think most of what you said is valid and I'll keep working at it.

thanks for contributing!

V.