[ale] [OT] Databases of viruses/malware
Greg Freemyer
greg.freemyer at gmail.com
Thu Mar 3 10:54:27 EST 2011
On Thu, Mar 3, 2011 at 7:07 AM, Michael B. Trausch <mike at trausch.us> wrote:
> On Thu, 2011-03-03 at 13:36 +0000, Watson, Keith wrote:
>> What you're asking for is access to a virus zoo. All AV companies and
>> researchers keep one. They are very particular who they share specimens
>> with so they will only give you one if you are a known AV company or
>> researcher and then only through secure channels.
>>
>> If you know some researchers I would recommend contacting them
>> directly and see if they will give you a sample otherwise you will
>> have to collect your own samples from the wild.
>
> Figures. I suppose that I can understand the rationale behind
> tightly-controlled access to such a thing. That said, I am going to
> have to find a way to start my own "zoo"; I do so hate reinventing
> wheels.
>
> --- Mike
Mike
Also check out bit9.com. I haven't used them, but I've seen them
recommended as a good source of file info.
i.e., I believe they have MD5s of lots of software. Some of it is
"known good" and some "known bad".
Running your potential malware files against that can be a good first step.
FYI: NIST has something similar that I have used, but bit9 is supposed
to be more comprehensive.
Greg
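
Added example (not part of the original message, and not code from bit9 or NIST): a first-pass triage that hashes every file under a directory with MD5 and sorts it into known-good, known-bad or unknown. The `md5,label` CSV layout, the function names and all sample files and hash lists are assumptions constructed for the example.

```python
import csv
import hashlib
import io
import os
import tempfile

def md5_of(path, chunk=1 << 20):
    """Stream the file so large samples are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def load_hash_set(csv_text):
    """Parse 'md5,label' rows (layout assumed for this example) into {md5: label}."""
    table = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        digest = (row.get("md5") or "").strip().lower()
        # Keep only well-formed 32-hex-digit digests.
        if len(digest) == 32 and all(c in "0123456789abcdef" for c in digest):
            table[digest] = (row.get("label") or "").strip()
    return table

def triage(root, known_good, known_bad):
    """Return {relative_path: (verdict, md5)}; a known-bad hit wins over known-good."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # hash regular files only
            digest = md5_of(path)
            verdict = ("known-bad" if digest in known_bad else
                       "known-good" if digest in known_good else "unknown")
            results[os.path.relpath(path, root)] = (verdict, digest)
    return results

def demo():
    """Build three constructed files and matching constructed hash lists."""
    samples = {"tool.bin": b"constructed benign bytes",
               "flagged.bin": b"constructed flagged bytes",
               "new.bin": b"constructed unseen bytes"}
    root = tempfile.mkdtemp()
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)
    row = lambda n, label: "md5,label\n%s,%s\n" % (hashlib.md5(samples[n]).hexdigest(), label)
    return triage(root, load_hash_set(row("tool.bin", "vendor utility")),
                  load_hash_set(row("flagged.bin", "constructed bad entry")))
```

An "unknown" verdict only means the hash is in neither list; it says nothing about whether the file is safe.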