The Real Time Threat List

Righard Zwienenberg ESET
Richard Ford Florida Institute of Technology
Thomas Wegele Avira


Tracking malware threats that users have encountered 'in the wild' has a long history, and is an excellent example of collaboration within the anti-virus industry. For over a decade, the industry has standardized on the WildList, founded by Joe Wells and currently run by ICSA Labs. For many years, this list of active threats has served testers, users, and developers well, but it is not devoid of problems. In particular, the change in the nature of online threats has left the WildList trailing the 'real-time' threat, making it unsuitable for effective 'in-the-wild' testing.

In this presentation we explore the shortcomings of the WildList, and introduce our solution, the Real Time Threat List (RTTL). This list, hosted and sponsored by AMTSO, is based upon Avira's sample sharing system, and is designed to provide a real-time view of threats as they are found in the wild. The list allows for customization of queries to provide testers with information about specific threats in specific regions, as well as several other interesting test scenarios.

The design of the RTTL is such that all AMTSO members can contribute samples to the system. Furthermore, the system lowers the workload for many vendors who already participate in the existing Avira system. As such, we believe it represents a more forward-looking way to track and catalogue in-the-wild threats.

During the talk, we will show the prototype system, and also discuss how we see the system evolving and the new test scenarios that the RTTL enables.

VB2013 takes place 2-4 October 2013 in Berlin, Germany.
