[ale] [OT] Databases of viruses/malware

Michael B. Trausch mike at trausch.us
Wed Mar 2 17:46:34 EST 2011


On Wed, 2011-03-02 at 15:28 -0500, Greg Freemyer wrote:
> You can submit malware to "totalvirus.com" (or is it virustotal.com)
> to see who has it in their malware av signature list.  Almost
> immediate results.

Signatures are one thing; the payloads themselves are quite another.  I
have found one site that seems to have what I'm looking for, but they
charge > $1,000/mo for access to it.

Tonight I will be picking up an external HDD that has the critter on it
(I dd'd the drive it was on to an image file on the external HDD), but I
was hoping for some sort of a resource that would have the bugs
themselves.  I would wager a guess that since most of the bugs are out
there and in the wild, that there has to be someone or someplace that
has a collection online that would have a list of them as well as the
actual contents of the program.

Most of the knowledge bases that I have found in my hunting today have
proved to be useless; either they are completely unaware of the thing
that I'm looking for, or they have minimal information on it and the
family of critters that it belongs to.  Certainly none of them have made
available the binary, or a disassembly, or any other similarly useful
information that could be looked at to assess first-hand the impact that
it might have on a system that it's found its way into.

I wish I could say that it's an extraordinary event in the world of
Windows workstations, but it is not.  This is far from the first time
that I have encountered a piece of software that managed to jump over
several different hurdles and get into the system itself.  I'm seriously
considering setting up something such that if a system winds up with
something nasty on it, one can boot using PXE and select an option that
will wipe the drive and deploy its own image back to it.  That would
require about two weeks of active work, of course, but it'd have the
ability to ntfsclone back to a working state.  What passes for a usable
OS in Microsoft-land **really** agitates me.

I will say this: I am really starting to reconsider whether or not I
want anything to do with networks that have Windows workstations on
them.  They are awful, nasty things.  I should be spending my time
incrementally improving network operations and working on project work.
Instead, every bloody time I turn around, there is SOMETHING that's
broken.  And as far as this computer system goes, this is the second
time that it has acquired something... but not the same thing as last
time, either.

	--- Mike