Slashdot Mirror


FBI Plans To Open Up Malware Analysis Tool To Outside Researchers

Trailrunner7 writes: The FBI has developed an internal malware-analysis tool, somewhat akin to the systems used by antimalware companies, and plans to open the system up to external security researchers, academics and others. The system is known as Malware Investigator and is designed to allow FBI agents and other authorized law enforcement users to upload suspicious files. Once a file is uploaded, the system runs it through a cluster of antimalware engines, somewhat akin to the way that Virus Total handles submissions, and returns a wide variety of information about the file.

Users can see what the detection rate is among AV engines, network connection attempts, whether the file has been seen by the system before, destination and source IP addresses and what protocols it uses. Right now, Malware Investigator is able to analyze Windows executables, PDFs and other common file types. But Burns said that the bureau is hoping to expand the portal's reach in the near future. "We are going to be doing dynamic analysis of Android files, with an eye toward other operating systems and executables soon," he said.

19 of 31 comments

  1. No one will know who you are... by fustakrakich · · Score: 1

    That's right. The FBI has no way of knowing who. you. are...

    --
    “He’s not deformed, he’s just drunk!”
  2. What does it say about CIPAV by Anonymous Coward · · Score: 1

    Does it detect the FBI's own malware I wonder.

  3. Re:if they give it away....... by Anonymous Coward · · Score: 4, Insightful

    It's worthless trash.

    First rule of maintaining a competitive edge. Keep the good shit.

    They ARE keeping it, you don't get access to it directly... you just upload suspect files to their portal for analysis.
    I also suspect that their systems will return false negatives when various State-sponsored malware is submitted.

  4. Retarded by LordWabbit2 · · Score: 1, Funny

    That's just plain stupid. So any malware author can now run their files through the FBI's malware program until they figure out a way to get past all its checks.
    *clap* *clap* *clap* *clap*

    --
    There are three kinds of falsehood: the first is a 'fib,' the second is a downright lie, and the third is statistics.
    1. Re:Retarded by Anonymous Coward · · Score: 3, Insightful

      You haven't seen VirusTotal or Malwr yet?

    2. Re:Retarded by StripedCow · · Score: 1

      Next up: Google disclosing their search algorithm.

      --
      If Pandora's box is destined to be opened, *I* want to be the one to open it.
  5. Honeypot by Required+Snark · · Score: 1, Insightful

    One way or another, this is a honeypot.

    J Edgar Hoover is alive and well. Nothing has changed.

    --
    Why is Snark Required?
    1. Re:Honeypot by drinkypoo · · Score: 2

      One way or another, this is a honeypot.

      The worst thing the FBI will be able to learn about you if you use this service is that you're interested in security, unless you upload them some warez. They probably already know that about you.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    2. Re:Honeypot by Required+Snark · · Score: 1

      "warez". Are you 12 years old?

      --
      Why is Snark Required?
    3. Re:Honeypot by drinkypoo · · Score: 1

      "warez". Are you 12 years old?

      No, more like three times that. But when I was into that, that's what it was still called, which tells you how long ago it was.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  6. say it ain't so by ihtoit · · Score: 1

    system-grade comparison of AV for the consumer??

    That'd give the consumer unfair advantage over the AV companies in being able to make an *informed* choice, don't you think?

    I see some serious resistance to this.

    --
    Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
  7. reinventing the wheel by BIOS4breakfast · · Score: 4, Informative

    I was at VirusBulletin when this was being discussed.

    A lot of the other comments are just typical ignorant FUD. Let me tell you exactly what this is: reinventing the wheel.

    The speaker described how they had started working on a malware analysis environment back in 2004 and ultimately abandoned it as a failure in 2010. They then *clearly* didn't just look around and see what already existed, but instead just stubbornly decided to press on in making their own.

    I was really cringing as the FBI agent described the system to a room full of malware analysis and AV companies, because the system was just so *basic*.

    But he said that it received multiple awards within the government and was seen as being super awesome. Just another example of the government being insular and not realizing how far behind industry they are.

    For those who think it's a honey pot, it's really not. Not quite anyway. The agent specifically said that the main value to them to make it open is that they *do* want to collect more malware samples. They're starting with LE (who may not be experienced enough to know they can just use one of many other free malware analysis environments, and thus will use the one the FBI hands to them). But then after LE it's a much smaller lift to just open it to everyone, and thus it's sort of a "why not" sort of thing.

  8. Re:online jobs by ihtoit · · Score: 1

    Clearly English as a first or second language is not a prerequisite for employment at this firm.

    --
    Political debates have me rolling my eyes so much I think I got optical whiplash. I should sue. - Foamy The Squirrel
  9. The FBI will let NSA researchers have your data by WillAffleckUW · · Score: 1

    Just ask the NSA and the other four (five, actually, but you're not permitted to know about the fifth) mil agencies who get your data from the FBI without a silly Constitutional requirement.

    Serfs, not Citizens.

    That's all you are.

    --
    -- Tigger warning: This post may contain tiggers! --
  10. Malware infection vector? by lippydude · · Score: 1

    How does this malware get onto Windows, Android and these other operating systems in the first place?

    1. Re:Malware infection vector? by AHuxley · · Score: 1

      A person at a cafe or gym gets near a person who has clearance, a file worked on at home is infected, a well-crafted email that is opened on an internal network.
      With wireless, huge internal networks and new staff being security cleared for very sensitive positions over the past decade... it's more connecting a project to staff to a location and working the needed code in.
      Internal networks are well understood as they are the same product sold around the world, trusted or being expanded, with security to be upgraded when done.
      Ideas around cloud, sharing data, regional and national searching are also a new aspect to what was once air gapped. Contractors are also happy to suggest wider networking, upsell their network security and ongoing network support.

      --
      Domestic spying is now "Benign Information Gathering"
  11. In other words by myoparo · · Score: 1

    The FBI will soon be releasing a link to Jotti.

    http://virusscan.jotti.org/en

  12. Re:if they give it away....... by AHuxley · · Score: 1

    State-sponsored malware seems to be crafted per person or project so it can get past most of the existing behavioral analysis.
    Or a gov just goes to hardware logging or social engineering after a sneak and peek visit.
    Suspect files will just be the same real-time consumer system's behavior AV finds in the wild every day :)

    --
    Domestic spying is now "Benign Information Gathering"
  13. Re:online jobs by gargleblast · · Score: 1

    Yeah. Just long sentences.