Online Services Let Virus Writers Check Their Work

An anonymous reader writes "Former Washington Post Security Fix blogger Brian Krebs has launched a new blog at krebsonsecurity.com, and his first story highlights a pair of underground antivirus scanning services that cater to virus writers. Scanning services like virustotal.com scan submitted files against dozens of antivirus products, and share the results with each of the vendors so that all benefit from learning about threats they don't yet detect. But there are number of budding online services that allow customers to pay per scan, and promise that the results will never get reported back to the antivirus companies. One service even tests how well web site 'exploit packs' are detected, while others promise additional layers of protection. 'The service claims that it will soon be rolling out advanced features, such as testing malware against anti-spyware and firewall programs, as well as a test to see whether the malware functions in a virtual machine.'"

Inevitable

[Spad]

As I've said before on this subject, there's a whole economy around spam, website exploits and malware, you've got people who will QA your malware for you to check for bugs and these services that will run them against common AV software and suggest ways to evade them. Then you can sell your malware to someone who will use the network of compromised sites they bought off someone else to build botnets which they then sell time on to other people who are using them to send spam emails and perform DDOS attacks on behalf of *other* people.

Re:Inevitable

[Nikker]

Black hats are notorious for being paranoid when it comes to "sharing". Why would any of them even bother when they could just as easily set up multiple VM's with different OS's and different anti virus solutions and test them out in close to real time? How can they trust that these sites won't rat them out? How can they trust a similar service isn't set up as a honey pot for this very reason? It might scare Jane and Jon Q Public but in reality it's not going to make much of a difference overall. Why should someone trust the guy on the other end of the Internet that they won't expose them and their little virus baby to the big bad corporate overlords?

Makes sense

[WiiVault]

The big AV companies have created a market of people who are behind a wall, but one that only exists as based on the guardianship of the AV maker. We know they are untrustworthy, and their very presence and size encourages this type of activity. Having a fairly consolidated market with a few vendors having a major share allows "hackers" to target those programs thus making these services useful to a wannabe testing out his exploit.

Just like gun runners...

[greg_barton]

...selling to both sides in a war.

Honor among thieves

[Shoten]

It would seem to me that, since most malware writers are essentially in competition with each other (as can be seen by past examples of malware that removes other, competing forms) that using a service like this would be against the best wishes of the attacker. I can only imagine that anyone who would provide a service like this would also be diversified enough to have their own stable of malware, and would gain value from having a copy of everything that gets submitted to them.

VirusZoo

[skyriser2]

You can also check out our site VirusZoo, that lets you safely test different viruses and malware on a shared virtual machine.

It's more for fun than a serious tool...

http://www.viruszoo.com/

Re:VirusZoo

[dark_knight_ita]

Mandatory xkcd reference: http://xkcd.com/350/

Real interesting story here

[IamTheRealMike]

Brian Krebs now has a blog. He has written some of the most consistently interesting, unique and accurate coverage of the internet [in]security world in the past few years. Subscribed.

Re:Any Reason...

[MrMr]

But these people may be US citizens. Your procedure only applies to foreigners.

Re:Waste of bullets

[sycodon]

I could lock them in a room with my dogs. They would gas the SOBs