Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security The Internet

FBI Plans To Open Up Malware Analysis Tool To Outside Researchers 31

Trailrunner7 writes: The FBI has developed an internal malware-analysis tool, somewhat akin to the systems used by antimalware companies, and plans to open the system up to external security researchers, academics and others. The system is known as Malware Investigator and is designed to allow FBI agents and other authorized law enforcement users to upload suspicious files. Once a file is uploaded, the system runs it through a cluster of antimalware engines, somewhat akin to the way that Virus Total handles submissions, and returns a wide variety of information about the file.

Users can see what the detection rate is among AV engines, network connection attempts, whether the file has been seen by the system before, destination and source IP addresses and what protocols it uses.Right now, Malware Investigator is able to analyze Windows executables, PDFs and other common file types. But Burns said that the bureau is hoping to expand the portal's reach in the near future. "We are going to be doing dynamic analysis of Android files, with an eye toward other operating systems and executables soon," he said.
This discussion has been archived. No new comments can be posted.

FBI Plans To Open Up Malware Analysis Tool To Outside Researchers

Comments Filter:
  • That's right. The FBI has no way of knowing who. you. are...

  • by Anonymous Coward

    Does it detect the FBI's own malware I wonder.

  • Retarded (Score:1, Funny)

    That's just plain stupid. So any malware author can now run their files through the FBI's malware program until they figure out a way to get past all it's checks.
    *clap* *clap* *clap* *clap*
  • Honeypot (Score:2, Insightful)

    One way or another, this is a honeypot.

    J Edgar Hoover is alive and well. Nothing has changed.

    • One way or another, this is a honeypot.

      The worst thing the FBI will be able to learn about you if you use this service is that you're interested in security, unless you upload them some warez. They probably already know that about you.

  • system-grade comparison of AV for the consumer??

    That'd give the consumer unfair advantage over the AV companies in being able to make an *informed* choice, don't you think?

    I see some serious resistance to this.

  • by BIOS4breakfast ( 3007409 ) on Tuesday September 30, 2014 @07:04AM (#48026163)

    I was at VirusBulletin when this was being discussed.

    A lot of the other comments are just typical ignorant FUD. Let me tell you exactly what this is: reinventing the wheel.

    The speaker described how they had started working on a malware analysis environment back in 2004 and ultimately abandoned it as a failure in 2010. They then *clearly* didn't just look around and see what already existed, but instead just stubbornly decided to press on in making their own.

    I was really cringing as the FBI agent described the system to a room full of malware analysis and AV companies, because the system was just so *basic*.

    But he said that it received multiple awards within the government and was seen as being super awesome. Just another example of the government being insular and not realizing how far behind industry they are.

    For those who think it's a honey pot, it's really not. Not quite anyway. The agent specifically said that the main value to them to make it open is that they *do* want to collect more malware samples. They're starting with LE (who may not be experienced enough to know they can just use one of many other free malware analysis environments, and thus will use the one the FBI hands to them). But then after LE it's a much smaller lift to just open it to everyone, and thus it's sort of a "why not" sort of thing.

  • Just ask the NSA and the other four (five, actually, but you're not permitted to know about the fifth) mil agencies who get your data from the FBI without a silly Constitutional requirement.

    Serfs, not Citizens.

    That's all you are.

  • How does this malware get onto Windows, Android and these other operating systems in the first place?
    • by AHuxley ( 892839 )
      A person at a cafe, gym gets near a person who has clearance, a file worked on at home is infected, a well crafted email that is opened on an internal network.
      With wireless, huge internal networks and new staff been security cleared for very sensitive positions over the past decade... it more connecting a project to staff to a location and working the needed code in.
      Internal networks are well understood as they are the same product sold around the world, trusted or been expanded with security to be upgrad
  • The FBI will soon be releasing a link to Jotti.

    http://virusscan.jotti.org/en [jotti.org]

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...