FBI Plans To Open Up Malware Analysis Tool To Outside Researchers
Trailrunner7 writes: The FBI has developed an internal malware-analysis tool, somewhat akin to the systems used by antimalware companies, and plans to open the system up to external security researchers, academics and others. The system is known as Malware Investigator and is designed to allow FBI agents and other authorized law enforcement users to upload suspicious files. Once a file is uploaded, the system runs it through a cluster of antimalware engines, somewhat akin to the way that Virus Total handles submissions, and returns a wide variety of information about the file.
Users can see what the detection rate is among AV engines, network connection attempts, whether the file has been seen by the system before, destination and source IP addresses and what protocols it uses. Right now, Malware Investigator is able to analyze Windows executables, PDFs and other common file types. But Burns said that the bureau is hoping to expand the portal's reach in the near future. "We are going to be doing dynamic analysis of Android files, with an eye toward other operating systems and executables soon," he said.
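The summary describes the kind of record a multi-engine portal hands back for an uploaded file: a detection rate across AV engines, a "seen before" lookup, and a digest of the sandbox's network activity. The following is an added illustration of how such a record is assembled; it is not code from Malware Investigator or any real AV product, and the engine names, verdicts, network events and IP addresses are constructed sample data (RFC 5737 documentation ranges).

```python
"""Added example: a minimal VirusTotal-style triage record.

Illustrative only. Engine names, verdict labels, network events and the
seen-before index are constructed; nothing here talks to a real scanner.
"""
import hashlib
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class TriageReport:
    sha256: str
    seen_before: bool
    detections: int
    engines: int
    detection_rate: float
    flagged_by: List[str]
    destinations: List[Tuple[str, int, str, int]]  # (ip, port, proto, hit count)
    protocols: Dict[str, int]


def triage(sample: bytes,
           verdicts: Dict[str, Optional[str]],
           events: List[dict],
           seen_index: Dict[str, str]) -> TriageReport:
    """Aggregate per-engine verdicts and sandbox network events into one report.

    verdicts:   {engine_name: detection_label or None for 'clean'}
    events:     [{"dst": ip, "port": int, "proto": "tcp"|"udp"|...}]
    seen_index: {sha256: first_seen_timestamp}, maintained by the portal
    """
    digest = hashlib.sha256(sample).hexdigest()
    # "Seen before" is a content-hash lookup, so a renamed copy still matches.
    seen = digest in seen_index
    flagged = sorted(name for name, label in verdicts.items() if label)
    rate = len(flagged) / len(verdicts) if verdicts else 0.0
    # Collapse repeated beacons to the same endpoint into one row with a count,
    # so a chatty C2 loop does not drown out the one-off DNS lookup.
    dest_counter = Counter((e["dst"], e["port"], e["proto"]) for e in events)
    destinations = [(ip, port, proto, n)
                    for (ip, port, proto), n in dest_counter.most_common()]
    protocols = dict(Counter(e["proto"] for e in events))
    return TriageReport(digest, seen, len(flagged), len(verdicts), rate,
                        flagged, destinations, protocols)


def record_sample(seen_index: Dict[str, str], report: TriageReport, when: str) -> None:
    """Remember a sample's hash so later submissions report seen_before=True."""
    seen_index.setdefault(report.sha256, when)


# Constructed inputs (not a real binary, not real engines, not real traffic).
SAMPLE = b"MZ\x90\x00constructed-not-real-malware"
VERDICTS = {
    "EngineA": "Trojan.Generic",
    "EngineB": None,
    "EngineC": "Gen:Variant.Dropper",
    "EngineD": None,
}
EVENTS = [
    {"dst": "203.0.113.10", "port": 443, "proto": "tcp"},
    {"dst": "203.0.113.10", "port": 443, "proto": "tcp"},
    {"dst": "198.51.100.7", "port": 53, "proto": "udp"},
]


def demo() -> Tuple[TriageReport, TriageReport]:
    """Run the sample through twice: first submission, then a resubmission."""
    seen_index: Dict[str, str] = {}
    first = triage(SAMPLE, VERDICTS, EVENTS, seen_index)
    record_sample(seen_index, first, "2014-09-01T00:00:00Z")  # constructed timestamp
    second = triage(SAMPLE, VERDICTS, EVENTS, seen_index)
    return first, second


if __name__ == "__main__":
    first, second = demo()
    print(f"sha256={first.sha256}")
    print(f"detected by {first.detections}/{first.engines} "
          f"({first.detection_rate:.0%}): {first.flagged_by}")
    print(f"seen before: first={first.seen_before}, resubmission={second.seen_before}")
    for ip, port, proto, n in first.destinations:
        print(f"  {proto} {ip}:{port} x{n}")
```

The detection rate is only as good as the engine set behind it, which is the point several commenters below make about coverage gaps; a portal that also keys its "seen before" check on a content hash will miss trivially repacked variants, so in practice that lookup is a hint, not a verdict.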
No one will know who you are... (Score:1)
That's right. The FBI has no way of knowing who. you. are...
Re:if they give it away....... (Score:4, Insightful)
It's worthless trash.
First rule of maintaining a competitive edge. Keep the good shit.
They ARE keeping it, you don't get access to it directly... you just upload suspect files to their portal for analysis.
I also suspect that their systems will return false negatives when various State-sponsored malware is submitted.
Re: (Score:2)
Or a gov just goes to hardware logging or social engineering after a sneak and peek visit.
Suspect files will just be the same real-time consumer system's behavior AV finds in the wild every day.
What does it say about CIPAV (Score:1)
Does it detect the FBI's own malware I wonder.
Retarded (Score:1, Funny)
*clap* *clap* *clap* *clap*
Re: (Score:3, Insightful)
You haven't seen VirusTotal or Malwr yet?
Re: (Score:2)
Next up: Google disclosing their search algorithm.
Honeypot (Score:2, Insightful)
J Edgar Hoover is alive and well. Nothing has changed.
Re: (Score:3)
One way or another, this is a honeypot.
The worst thing the FBI will be able to learn about you if you use this service is that you're interested in security, unless you upload them some warez. They probably already know that about you.
Re: (Score:2)
Re: (Score:2)
"warez". Are you 12 years old?
No, more like three times that. But when I was into that, that's what it was still called, which tells you how long ago it was.
say it ain't so (Score:2)
system-grade comparison of AV for the consumer??
That'd give the consumer unfair advantage over the AV companies in being able to make an *informed* choice, don't you think?
I see some serious resistance to this.
reinventing the wheel (Score:4, Informative)
I was at VirusBulletin when this was being discussed.
A lot of the other comments are just typical ignorant FUD. Let me tell you exactly what this is: reinventing the wheel.
The speaker described how they had started working on a malware analysis environment back in 2004 and ultimately abandoned it as a failure in 2010. They then *clearly* didn't just look around and see what already existed, but instead just stubbornly decided to press on in making their own.
I was really cringing as the FBI agent described the system to a room full of malware analysis and AV companies, because the system was just so *basic*.
But he said that it received multiple awards within the government and was seen as being super awesome. Just another example of the government being insular and not realizing how far behind industry they are.
For those who think it's a honey pot, it's really not. Not quite anyway. The agent specifically said that the main value to them to make it open is that they *do* want to collect more malware samples. They're starting with LE (who may not be experienced enough to know they can just use one of many other free malware analysis environments, and thus will use the one the FBI hands to them). But then after LE it's a much smaller lift to just open it to everyone, and thus it's sort of a "why not" sort of thing.
Re: (Score:2)
Clearly English as a first or second language is not a prerequisite for employment at this firm.
Re: (Score:2)
The FBI will let NSA researchers have your data (Score:1)
Just ask the NSA and the other four (five, actually, but you're not permitted to know about the fifth) mil agencies who get your data from the FBI without a silly Constitutional requirement.
Serfs, not Citizens.
That's all you are.
Malware infection vector? (Score:1)
Re: (Score:2)
With wireless, huge internal networks and new staff being security cleared for very sensitive positions over the past decade... it's more connecting a project to staff to a location and working the needed code in.
Internal networks are well understood as they are the same product sold around the world, trusted or being expanded with security to be upgrad
In other words (Score:1)
The FBI will soon be releasing a link to Jotti.
http://virusscan.jotti.org/en [jotti.org]