Hacking The Dead Cow
Yet another malware search engine debuts, but this one doesn't entirely rely on Google.
They are now adding a new chapter to their infamous history with the release of a new malware search engine that enables researchers to analyze over 31,000 "hostile" files.
It's all part of an effort the cDc calls "offensive computing."
Originally founded in 1984, cDc and its members are well known for a number of their efforts over the past 22 years.
Back Orifice was updated in 2000 as B02K and is currently maintained as an open source project on the SourceForge.net code repository.
In cDc's new offensive computing strategy, the group is turning its skills toward hacking malware.
Part of the effort is the malware search engine, which is geared toward increasing the knowledge around malware to better improve detection and removal.
There is also a relationship between the Malware search effort and that hatched last month by H.D. Moore of Metasploit fame; it uses Google to find malicious code.
"We use Google from time to time, and we worked with H.D. Moore on his Google malware search project," Val Smith a cDc member and part of the offensive computing effort, told internetnews.com. "We provided him signatures to search on)."
Smith explained that his group has written some code to do auto analysis of malware.
"People upload it directly to the site, or provide me with archives over e-mail, and then we load it into our auto analyzer," Smith said.
"Once the analysis is done, that data gets put into the database which people can search. We have large collections of malware sitting around waiting to be bulk processed."
Access to the offensive computing malware search requires user registration, though only a valid e-mail address is required for the registration.
While most of the major AV vendors, including McAfee, Symantec, Panda Labs, Sophos and others, provide online libraries of vulnerabilities, there are a few things that offensive computing provides that the commercial vendors do not.
For one, offensive computing provides downloadable samples of the malware in question.
It also includes a clear warning to users: "This site contains samples of live malware. Use at your own risk."
August 02, 2006
Once again, don't open an attachment from an unknown source.