HDM from the Metasploit project has released a malware search engine. It is an open tool based on a similar idea from Websense, and HD's version expands on the Websense idea in several ways. First, it's an open project with the code available. Second, it searches for actual malware signatures rather than just .exe files. HD uses the signature output from ClamAV to find the name of the malware; this is then used in conjunction with a PE signature matching method to form a Google query. The malware can then be downloaded directly from Google.
We provided our malware database to HDM for use in the initial tool. The results of the Google downloads can be seen in the order-of-magnitude jump in our malware collection. Thanks, HDM!
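The post describes the pipeline only in outline: take a ClamAV signature, recover something searchable from it, and combine it with a PE-specific anchor to form a Google query. The script below is an added illustration of that pipeline, not HDM's code and not the Websense code. It assumes ClamAV's documented legacy `name=hexsig` (.db) and `name:type:offset:hexsig` (.ndb) signature formats, treats the DOS-stub text "This program cannot be run in DOS mode" as the PE anchor (an assumption; the page does not say which PE feature HD's tool matches on), and uses constructed sample signatures. It only builds the query strings; it does not contact Google or download anything.

```python
import re

# Constructed sample signatures (not real ClamAV entries) in the legacy
# "name=hexsig" (.db) and "name:type:offset:hexsig" (.ndb) formats.
SAMPLE_DB = """\
# comment lines are ignored
Example.Backdoor.A=546869732070726f6772616d2063616e6e6f742062652072756e20696e20444f53206d6f6465
Example.Worm.B:1:*:48656c6c6f2c20776f726c64*4d5a9000{2-4}5445535420537472696e67
Example.Trojan.C:1:*:0102030405
"""

# Assumed PE anchor: the DOS stub message present in almost every PE file.
PE_STUB = "This program cannot be run in DOS mode"

# ClamAV body-signature wildcards: '*', '??', '{n-m}' gaps and '(aa|bb)'
# alternatives. Each splits the signature into independently decodable chunks.
WILDCARD = re.compile(r"\*|\?\?|\{[^}]*\}|\([^)]*\)")


def parse_clamav_line(line):
    """Return (name, hexsig) for a .db or .ndb line, or None for comments/blank."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.count(":") >= 3:            # .ndb: Name:TargetType:Offset:HexSig[:MinFL]
        parts = line.split(":")
        return parts[0], parts[3]
    if "=" in line:                     # .db: Name=HexSig
        name, hexsig = line.split("=", 1)
        return name, hexsig
    return None


def hexsig_to_strings(hexsig, min_len=8):
    """Decode the fixed (non-wildcard) parts of a hex signature and keep
    printable-ASCII runs of at least min_len bytes; those are what a text
    search engine could have indexed from an executable."""
    printable = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    found = []
    for chunk in WILDCARD.split(hexsig):
        try:
            raw = bytes.fromhex(chunk)
        except ValueError:
            # Chunk still contains nibble wildcards such as '4?'; skip it.
            continue
        for m in printable.finditer(raw):
            found.append(m.group().decode("ascii"))
    return found


def build_query(strings, pe_anchor=PE_STUB):
    """Quote each string as an exact-phrase term and add the PE anchor once."""
    terms = list(dict.fromkeys(strings))        # dedupe, keep order
    if pe_anchor and pe_anchor not in terms:
        terms.append(pe_anchor)
    return " ".join('"%s"' % t.replace('"', "") for t in terms)


def queries_from_db(text, min_len=8):
    """Map malware name -> search query for every signature that yields at
    least one searchable string. Signatures with only binary bytes are dropped,
    since a text search for them is meaningless."""
    queries = {}
    for line in text.splitlines():
        parsed = parse_clamav_line(line)
        if parsed is None:
            continue
        name, hexsig = parsed
        strings = hexsig_to_strings(hexsig, min_len)
        if strings:
            queries[name] = build_query(strings)
    return queries


if __name__ == "__main__":
    for name, query in queries_from_db(SAMPLE_DB).items():
        print("%s\t%s" % (name, query))
```

Note the failure mode the third sample shows: a signature consisting only of opcode bytes produces no query at all, so a tool built this way can only find samples whose ClamAV signature happens to cover a printable string. Nibble wildcards (`4?`) are skipped rather than decoded, which loses some strings but never produces a wrong one.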
Coming to Defcon: A New Bioinformatics-Inspired and Binary Analysis: Coding Style/Motif Identification
Submitted by dannyquist on Sun, 2006-07-09 19:43. Administrivia | Research
Please welcome Scott Miller (hllywood) to Offensive Computing. Scott will be presenting at Defcon 14 on his blast tool. We're happy to have Scott on board!
Here's the abstract for Scott's talk:
Security analysis is severely complicated by the size and abundance of executable code. Existing concepts and code can be combined, obfuscated, packed, and hidden toward the ends of evading detection and frustrating analysis. Is that patch fixing the problem it claims to fix? Have you seen that malicious code before? Have you seen these particular motifs/style before?
"A little-known capability in Google's search engine has helped security vendor Websense uncover thousands of malicious Web sites, as well as several legitimate sites that have been hacked, the company said today."
What's really interesting is this portion:
"Hubbard and his team plans to share its Google code with a select group of security researchers, but it will not make the software public, for fear that the tool could be misused by the bad guys."
This is yet another example of the reluctance to share information regarding malware. There's enough information in the article to replicate the approach, but not enough to make it a viable tool, unless you want to spend a lot of money.
Welcome to the Offensive Computing open malware research project. If you're reading this, you may (or may not) be interested in researching malware. There are a few different ways you can contribute: you can upload your malware samples, download the samples, or discuss them.
Hello folks, let me introduce myself.
I'm Nomenumbra, a random netizen with a great interest in computer security. My interests lie with the offensive side of computer security, including malware research.
Well, I recently remembered I'd signed up to this website, which is a great initiative that I, as a VX researcher, would like to contribute to.
I wrote a short series of VX reversing articles for you to enjoy (I hope :) ):
NOTE: This is for windows hosts only!