LAST-MINUTE PAPER: MUTE - Malware URL Tracking and Exchange

Costin Raiu Kaspersky Lab
Jong Purisima GFI Software
Nick Bilogorskiy
Tony Lee Microsoft
Philipp Wolf Avira


The current model of URL exchange has followed the file exchange scheme, which is done either via FTP or email and requires each sharing entity to establish and connect with all the other entities (1:n) to receive all malicious URLs. The URLs are usually sent in emails or transferred in text files. The industry exchange standard from IEEE ICSG for URLs (as well as other meta-data) was published in 2010, and calls for a robust and efficient URL sharing framework and process.

With the ever-growing volume of malware samples, the industry has already realized that the exchanging of files can no longer be done in the same way as was done 10 years ago. To save bandwidth, the 'Norman standard of sharing files' was introduced a long while ago. More and more vendors are switching to the standard, which allows the sharing partners to download only the files that are actually new and unknown to them. What still remains with this standard is the fact that each vendor has to set up its own server that will be used to share with the others. Furthermore, each vendor has to connect to multiple servers to download the malware samples from there. Although there have been suggestions to centralize the file-sharing scheme, this would require enormous amounts of web storage and bandwidth, which would not be cost effective.

URL exchanges, on the other hand, are minuscule in size in comparison with file exchanges and require more time-sensitive sharing. With bandwidth and storage costs expected to be very low, a centralized solution would be more efficient and convenient to all parties involved.

MUTE is an effort to simplify the tracking and exchanging of malicious URLs. A project was initiated by members of MUTE (Malicious URL Tracking and Exchange), which started off as a discussion list among various anti-malware companies. Through these discussions, the members have realized that a more efficient sharing mechanism can be achieved which can help to protect customers from malicious websites much faster.

MUTE is an open source project developed to bring URL exchange to the next level. The objective is to connect to a single interface to submit and receive malicious URLs. This is done with a centralized scheme; it provides the capability to manage whitelists, blacklists, categorization into malware families, and statistics on a much wider scale.

MUTE is currently in beta. The following is a short list of its other features:

  • Single point of contact to share URLs, just one format to parse
  • IEEE ICSG meta-data standard compatible format
  • Automatic classification rules into malware families
  • Whitelisting that can be filtered automatically
  • HTTP POST/SOAP support for easy integration into systems
  • Query functionalities
  • Exporting functionalities
  • Various statistics
  • Anti-leeching feature that throttles access to members who do not share fairly
  • Search interface allowing complex searches in the database


