
Should access to malware be:

Open and free to all
82% (154 votes)
restricted to a vetted list
17% (32 votes)
only available to A/V and badguys
1% (1 vote)
Total votes: 187

any of you voters

willing to post why you voted how you did ?

I'm especially curious about the 9 people who voted for the vetted list. How would you yourselves be vetted and under what criteria?

V.

- reasons -

The VX-wannabees and the script-kiddies already have more than enough (re)sources where they can shop from; and the serious criminals have closed lists and trading posts where your average AV groupie even cannot get a sniff at.

Still, I'm all for a closed, vetted list - non-public, and only open to AV/Malware professionals, with maybe one or two exceptions. The vetting can partly be done by making the list paid. I could go on ad nauseam, but I'll stick that in a mail to you :-)

[AA]

Vetted list and malware professionals

Hi

The problem I see with this is the definition of a malware professional.
Is everybody working for an AV company a malware specialist?
(I would clearly say NO btw).
So how to judge who to allow to enter the sanctum?

I voted for open because you can't prevent "bad guys" getting their fingers on malware.
(And with millions of people clicking on whatever they get in their mail as long as the subject line is in their native language, I guess it is pretty much pointless anyway to keep the "new bad stuff" from them as they can use the stuff they have already)

only those working for an av

only those working for an av or antimalware company or known accepted anti malware researchers &/or those who are publicly known from the main antimalware forums as capable of researching on infected files

It's hard enough fighting all these baddies without making it easier for the script kiddies to get hold of these files easier than they already do

Open to all

By "all", I mean "all who have verified an email address".

Basically, it's hard to learn how to analyze malware. Having a site full of analysis with the original binary helps that process. Making it easier to learn will hopefully spur more people into attacking new malware as it comes up.

The concept of keeping the samples to a 'vetted' list of people who already are in the industry radically changes what this site is about. The site should encourage learning, not enforce the already high barriers to the industry.

Vetted List

I currently do research on computer virus and other mal-ware. I have been doing this since 1994 and have dealt with several viruses that are extremely dangerous or damaging for the average user to "play around with."

A vetted list would at least ensure that in some way the people who receive any copies from your site are held responsible for them escaping their control should that ever happen.

What criteria should be used? Well, in colleges and universities a c.v. is used to demonstrate or prove a prospective instructor's qualifications so something like that could be used. Of course the "c.v." submitted would need to be verifiable in some way; for example a sample of the person's previous work or demonstration of their expertise. This would only be for those wanting copies of the mal-ware here, of course. Another way would be to make the receipt of mal-ware on a pay basis - as one person suggested. The difficulty would be for those who - for whatever reason - are on a limited budget.

I voted for a vetted list..

because the question didn't get complex enough for me. I would suggest a policy of

new malware closed to vetted list for 3-7 days. Open to outside after that period newer if exploit/malware is publicly known. It would allow for a short list of people to look at it and determine counter-measures, signatures, and other detection methods to be created.

--
A dark shadow in the night.

that's somewhat interesting

So far you're the first person to propose a time limited vetting system. All interesting ideas.

I voted for open, because

I voted for open, because there really is no choice. No matter what you do the information is out there. You can have an isolated members only list, and other people will have the same information / get there eventually. You can have a screened / vetted list and still other people will get the same information and data eventually. Trying to keep this kind of information to a select few will not work. Somewhere, there is someone sitting in their basement with a 2 liter of coke and a bon jovi cd who is learning to reverse / create malware. Somewhere is a person who will be the next Optyx, or the next Valsmith, and you might never get to meet them.

You have a better chance of herding cats than you do of keeping this information under lock and key. There's no logical reason to - the arguments I've heard are all the same, and have the same answers. There is a financial reason to hide all the information, but like any other attempt to hoard information it will fail.

How long did it take to break DVD encryption? How long was it from the time that auto makers introduced special proprietary computer diagnostic interfaces to when you could buy a diagnostic reader for $50 at pep boys? When macrovision was the way to prevent VHS duplication radio shack sold a $20 box that defeated it.

You can spend your time being afraid of bogeymen and bad guys you know nothing about, or you can openly share how to make swords with all the able people you know and beat them back into submission. You can play grade school games with clubhouses and a big sign that says " No Noobs Allowed " or you can train the next gen of people who have learned to master and love the trade.

Either way you choose, the info will be out there. The bad guys will still be bad, the good guys will still be good, and the game will go on. Focus your energy on the greater good, not the financial good, or the ego boosting good. Give props, take props. Constructively critique the work you see, and live up to your own standards.

Kick ass, take names, drink gin.

Anywhere, Anytime, Anyhow.

-- D

" Fuck the fucking fuckers before they fuck you "
- The Rogue Warrior

I voted for open and free to all...

I have a question...

if you want a vetted list restricting access to A/V professionals, why didn't you vote for option #3?

Open and free to all

I voted open and free to all.

As Delchi mentioned above, the information will still be widely available all around the net. It is like alcoholic drinks: in most countries children < 18 yo or even < 21 yo are not allowed to drink alcoholic drinks, but most of them do so. Script kiddies have a lot more resources to draw from, including virus builders that do not need any technical knowledge, apart from knowing how to switch on the computer.

I would probably not be put on a vetted list, since I am not a recognized A/V professional. However, I learn a lot from malware and articles posted on this site.

Open and free for all.....maybe.

Hello, I voted free for all because I came here to learn, and after doing some quick scanning of as many of your blogs as I could (mainly to see if I wasn't going to get bogus files), only then did I start downloading samples. After (seriously) wading through more and more of your papers, I wouldn't like to pay for each download, but I wouldn't be offended if you asked for a subscription fee.
*EDIT*
Or maybe even personal contact (phone, web conference etc)
*/END*
I am not employed by an AV company, I am a student that may one day be employed by one. But the point is I am concerned about others' (usually before mine) security and am committed to helping people fight against something they shouldn't have to change their daily routine to learn about.
I think I said this right or I might have missed the point entirely, flame me if you will......

Open

Secrecy and isolation are propagating the problems we have today. By empowering and educating the users, we have a chance to defeat the badguys. There are more of us than there are of them...

"We would have no problems in IT, if it weren't for all of those users..."
--Any CIO in the world--

Restricted

Maybe you are right. But the fact is that if access to malware is open to everyone, the spread of malware will increase. This will have a destructive consequence.

Well, most AV's have 100%

Well, most AV's have 100% detection of wildlist malware.

Except for Kaspersky :P; failed latest VB100% test; then claimed it was invalid ...

"if you can't raise the bridge, then lower the water"

I think that it should be open to known and verified users; limiting the amount of bots collecting and releasing malware.

---------------------
Norton AntiVirus 2009

Well this is an

Well this is an exceptionally old thread, but I thought I'd ask how is posting malware on sites like this dangerous? I ask because I do not see a strong case for anyone doing widespread damage from a site like this.

There's a chance that some misguided person may send a malicious sample to someone else. But why would they? Most binaries here only cause a machine to join a botnet and/or send spam. That doesn't help a random attacker much -- only the author. I'm sure some people still do such a thing, but I don't see it happening at any scale. Additionally, shortly after a sample hits here it's almost certainly picked up by the AV companies.

Now a sophisticated attacker may alter the binary or steal techniques. But if someone is malicious and already at that point, I don't think a website like this is going to significantly further enable them.

In contrast, there are a lot of students here, independent researchers, and academics that have access to data that is used to fight the malware industry. Not to mention it keeps alive low level programming. With everyone coding in .NET or Java in school, I wonder who's going to be left to dig into system internals and unknown executables if sites like this weren't around.

--
Matthew Wollenweber
www.cyberwart.com/blog