Collaborative Security against Malware and Botnets
I am a researcher working on Botnets and Malware. In the previous months I have been studying Storm. What I have learned from this experience was really useful, but I have also seen that there is a lot of improving to be done in the way Malware and Botnets are fought.
Right now there is a huge waste of energy in the research on this topic. For example, there were different groups studying Storm (including mine) and all these groups implemented their own crawler, they all reversed the binary and so on. That is, to understand how the three or four Russian coders made Storm, dozens of researchers worked basically redoing the same stuff many times.
I have posted some of my findings and some of my scripts here on Offensive Computing and I have found it to be a great resource. There are many skilled reversers and security researchers here. The only problem is that I don't think a forum is the best way to handle data regarding Malware and Botnets, because data on forums is sometimes too sparse. Wikis and Forges can be much better in this sense: they allow multiple people to work on the same project in a collaborative way.
So here is my proposal for the community. What about a central repository of all the information about Botnets, including the botnet-specific tools necessary to analyze and study them? Very much like SourceForge, but the goal of a project wouldn't be to create a piece of software but to destroy a Botnet. For example there would be a project about Storm, one about Rustock and so on, each project having a Project Lead and Team members.
So, each Botnet would be handled as a project where all the tools and programs used to inspect, analyze and infiltrate the Botnet would be available to the community with proper versioning support. Moreover, all the 'intelligence' on the Botnet would be accessible through a Wiki.
This intelligence would include:
- how the Botnet spreads (email, browser exploits, etc.)
- how the binary hides itself on the computer
- what the C&C channel is and how it could be stopped
- analysis of the Botnet's spam and other possible uses
This information would be really valuable to ISPs, spam filters, authorities and Registrars, and could ultimately lead to dismantling Botnets faster.
Security Researchers are far greater in number than Cyber Criminals and far more skilled. It's time to put all this knowledge together.
I am open to suggestions on how such a website could work; right now I have a domain name we could use: collaborativesecurity.org.
And I could contribute all the information and programs I have coded and used to study Storm.
What would be the best way to implement the Web Application? Using GForge, Trac? Or coding a brand new application?
How would the community be organized, and how could admission to participate in a Project work?
And then, if the site starts to be effective, how do we protect it from DDoS?
A site like this and Offensive Computing would be complementary to each other :)