[Malware Hunting] Some Considerarion


This can sound strange to the people not involved in Malware Analysis, any times one of the big problems for a reverser is to find good live Malware samples.

Out there we have a good Malware DataBase is provided by OffensiveComputing, great source of Live Samples, but as every Community Submitting based reality not updated every time.

As should be clear, is truly important to have Live Material in Time, because malware spreading is truly fast, the only great defence (apart Security Countermeasures) is the Speed Analysis, for fast updated AntiViral Basis/Payloads, this because the basical TimeLife of a malware is directly proportional to the Speed of the Incident Reporting Companies. Home made DataBases are a great example of real life malware, especially for WebBased viruses, because implicitly these boards are a reflection of the most spreaded Social Stream Preferences, and consequently the most common choised WebSites.

About live malware samples, unfortunately this mechanism is not so efficient, for many reasons:

  • Slow Time Reporting
  • Geographycal Malware Density

Slow Time Reporting, is caused by different Fuse Time and obviously by not continue (linear) malware posting.

Geographycal Spreading, means that in some well defined locations we have the expansion of a particular Virus.

As you should understanded for mass malware analysis is necessary to use other technologies, as Malware Collectors and HoneyPots.

Soon I’ll publish something about mwcollection, so stay tuned 😉

See you to the next post 🙂


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: