Community Malicious code research and analysis


Post by Ruhe on 20/4/2010, 00:32

I use some of the offered samples to test local security software and system-/software configurations against them.

About:

The primary emphasis here is on malware collections and analysis for the purpose of improving people's abilities to defend their networks. There is a noticeable lack of public sources of malware and malware analysis available. Those that were available were either for sale or limited to a small number of users. We provide resources such as live copies of malicious software, md5sums to search on and analysis of the malware to the general public. Offensive Computing currently has the largest publicly available malware collection on the Internet.

This way users can match malware they find on a system and they can quickly identify it and know the best defense. By removing barriers to information we believe this will make the Internet a safer place.

This site does NOT encourage or condone the spreading or propagation of viruses or worms. That's exactly what this site is designed to help defend against.

The intent of providing live copies of malware is so that the community can collaborate on identifying and analyzing them in order to develop snort signatures and other defenses.


www [dot] offensivecomputing [dot] net
Ruhe
Valued Member

Posts : 261
Join date : 2010-04-16
Location : Germany


Re: Community Malicious code research and analysis

Post by ssj100 on 20/4/2010, 00:36

Thanks, I'll check this out. I've been looking for sites like this.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)
ssj100
Administrator

Posts : 1389
Join date : 2010-04-14

http://ssj100.fullsubject.com

Re: Community Malicious code research and analysis

Post by Ruhe on 20/4/2010, 00:44

Got a TDLS3 rootkit there for example and never found a more comprehensive site so far.

Re: Community Malicious code research and analysis

Post by Ruhe on 20/4/2010, 00:56

In some tests you will see that they post hashes of the used samples, or hashes only and no names. You can use the given hashes and search for them on the offensivecomputing page ;)

Re: Community Malicious code research and analysis

Post by Ruhe on 20/4/2010, 02:32

In Nov. 2008 (ok, a bit old, but better than nothing) someone at Offensive Computing posted a 300 MB file with about 6400 samples. I don't intend to publish a link, but Google may help 8-)

Re: Community Malicious code research and analysis

Post by ssj100 on 20/4/2010, 09:38

Thanks for the information, Ruhe. Feel free to post the link in a non-hyperlink form or similar with the appropriate warning.

Cheers.


Re: Community Malicious code research and analysis

Post by Ruhe on 20/4/2010, 23:09

Just enter the colored words in Google :D

Re: Community Malicious code research and analysis

Post by nick s on 21/4/2010, 09:21

I generally use the following resources for grabbing current malware...

malc0de.com/database/

malwaredomainlist.com/mdl.php

malwaredomainlist.com/forums/

support.clean-mx.de/clean-mx/viruses.php?sort=id%20desc&response=alive

malwareurl.com/listing-urls.php?urls=on


Last edited by nick s on 21/4/2010, 09:53; edited 1 time in total

nick s
Valued Member

Posts : 14
Join date : 2010-04-18


Re: Community Malicious code research and analysis

Post by nick s on 21/4/2010, 09:27

Ruhe wrote: Got a TDLS3 rootkit there for example and never found a more comprehensive site so far.
Keep an eye on this thread at KernelMode.info for the latest TDL3 news and samples: Rootkit TDL 3 (alias TDSS, Alureon).


Re: Community Malicious code research and analysis

Post by Ruhe on 21/4/2010, 12:35

nick s, thanks for sharing.
