This can sound strange to the people not involved in Malware Analysis, any times one of the big problems for a reverser is to find good live Malware samples.
Out there we have a good Malware DataBase is provided by OffensiveComputing, great source of Live Samples, but as every Community Submitting based reality not updated every time.
As should be clear, is truly important to have Live Material in Time, because malware spreading is truly fast, the only great defence (apart Security Countermeasures) is the Speed Analysis, for fast updated AntiViral Basis/Payloads, this because the basical TimeLife of a malware is directly proportional to the Speed of the Incident Reporting Companies. Home made DataBases are a great example of real life malware, especially for WebBased viruses, because implicitly these boards are a reflection of the most spreaded Social Stream Preferences, and consequently the most common choised WebSites.
About live malware samples, unfortunately this mechanism is not so efficient, for many reasons:
- Slow Time Reporting
- Geographycal Malware Density
Slow Time Reporting, is caused by different Fuse Time and obviously by not continue (linear) malware posting.
Geographycal Spreading, means that in some well defined locations we have the expansion of a particular Virus.
As you should understanded for mass malware analysis is necessary to use other technologies, as Malware Collectors and HoneyPots.
Soon I’ll publish something about mwcollection, so stay tuned 😉
See you to the next post 🙂