Hey Hey,

This was posted on DailyDave (I know... I repost everything... but it's one of the few mailing lists where everything is useful, or at least humorous)...
The idea behind http://www.offensivecomputing.net is to provide a basis for users to find and locate malware and download it for analysis. You can search based on name or the md5 sum...

Here's the original release:

Hi there,

I know some of the people on this list and I've lurked here for a long time so I thought there might be some interest in a project I've been working on for a little while.

http://www.offensivecomputing.net

I know there are a couple of things similar (like Pedram's openrce and Hoglund's rootkits.com) but I haven't found anyone doing exactly this so I thought there might be a need or use for it in the community.

The basic idea is a community site where you can search for malware based on name or md5sum and get zipped copies. People can upload malware and collaborate on analysis in a sort of a blog style. (think community commented disassemblies, graphs, ida databases, etc.)

I know there are some problems with it such as md5sums aren't the best method for cataloging malware but it's a start. And honestly most of the stuff I run across in general is not super sophisticated or polymorphic, etc.

I've got some malware collection stuff to help add to the database and I have a small collection built up over the years that I am slowly adding.

I've started it off with some copies of common stuff like Welchia, Sobig, the Sony DRM thing, etc. and some minimal analysis stuff.

I'm open to any suggestions/contributions or even "this isn't a good idea because . . ."

thanks!

V.

It seems that CERT has actually reported him to his hosting provider and asked that the site be removed... which is sad in my opinion, however he's apparently had several hosting offers, so it should remain up... I think it's a fairly interesting concept...

I will warn anyone trying to load it in IE... it doesn't turn out overly pretty (javascript errors galore for me caused it to load like ****).... however in Firefox it's very purdy.

Peace,
HT