Samples.malware.org: sample sharing for the next decade?

Richard Ford, Thomas Walsh and William Allen, Florida Institute of Technology


In the anti-malware industry, public discussion of sample exchange is verboten - any discussion regarding sample trades is far too reminiscent of 'black-hat' activities for comfort. However, the reality is that the anti-malware industry has an extensive sample-sharing community that is crucial to providing protection globally. Unfortunately, as the goals of some malware authors change, the effectiveness of traditional sharing paradigms requires revisiting. In particular, corporate users are desirous of a rapid way of submitting samples to a group of vendors in one simple step, as well as investigating suspicious files with multiple scanners. In order to address this need, various sample submission and multi-scanner 'services' (such as VirusTotal and Jotti) have been developed. However, these services have the potential to be abused by both malware writers and users to the detriment of the industry in general.

In this paper, we present a design for a robust and safe sample submission service, as well as review some of the history of industry sample sharing. The presentation concludes with a demonstration of our automated sample submission service, samples.malware.org, and discusses design choices that make the system more robust for end-users, resistant to abuse, and capable of providing benefit to the community at large.


