Slashdot Mirror


US Cyber Command Starts Uploading Foreign APT Malware To VirusTotal (zdnet.com)

The Cyber National Mission Force (CNMF), a subordinate unit of US Cyber Command (USCYBERCOM), set in motion a new initiative this week through which the DOD would share malware samples it discovered on its networks with the broader cybersecurity community. From a report: The CNMF kicked off this new project by creating an account on VirusTotal, an online file scanning service that also doubles as an online malware repository, and by uploading two malware samples.

23 comments

  1. So they uploaded Facebook? by Anonymous Coward · · Score: 1

    Bravo!

    1. Re:So they uploaded Facebook? by Anonymous Coward · · Score: 0

      It did say two samples. I think you mean: Facebook and Google.

  2. Why only foreign? by Anonymous Coward · · Score: 0

    With the US losing control of its own cyber warfare tools - shouldn't the right thing be for their own to be included?

    Or is the utterly stupid idea that our security has to be compromised for us to have better security still a thing amongst intelligence circles?

    1. Re:Why only foreign? by Anonymous Coward · · Score: 0

      You really are retarded aren't you if you can't figure out why you don't put your own malware on this site...

    2. Re:Why only foreign? by Anonymous Coward · · Score: 0

      I guess it was too subtle for you.

  3. It's like Deja Vu all over again by Anonymous Coward · · Score: 0

    First post

  4. confusing headline? by Anonymous Coward · · Score: 0

    For those of us who aren't immediately aware of what VirusTotal is, perhaps the headline should read "US Cyber Command Starts Submitting Foreign APT Malware Samples to VirusTotal"?

    1. Re:confusing headline? by Anonymous Coward · · Score: 0

      What are you talking about?

  5. It's like Deja Vu all over again by Anonymous Coward · · Score: 0

    First post.
    Again.
    Again.

  6. Very good by butzwonker · · Score: 2

    Now if every other country uploads foreign APT malware, too, then maybe even the NSA tools will be detected.

    1. Re:Very good by sinij · · Score: 1

      Yes and no. Uploading samples means that these tools can be detected as they exist right now; it doesn't mean that they would be detected after trivial code obfuscation efforts.

      Signature-based detection is a dead end of the IT security evolutionary tree.

    2. Re:Very good by Anonymous Coward · · Score: 0

      The feds 'own' Google (who owns VirusTotal) though, so... no. No 'detections' there.

    3. Re:Very good by gweihir · · Score: 2

      You mean the NSA that got Kaspersky banned because they would not ignore NSA malware?

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.

    4. Re:Very good by Anonymous Coward · · Score: 0

      That's not exactly how it went down. Russian agents were using the internal KAV upload data feed to search specifically for what they were looking for. KAV either made that too easy and thus insecure or was complicit on some level.

      Personally I like to think it's the former. KAV moving their operations out of Russia was an important mitigation, but the damage to trust had been done.

    5. Re:Very good by Anonymous Coward · · Score: 0

      The NSA I'm sure pays to get the VirusTotal feed, and if they saw one of their own pieces of malware there then within a matter of seconds I'm sure they would remotely auto-uninstall it from all places to stop themselves being caught.

  7. Clothed Nude Male Female by Anonymous Coward · · Score: 0

    Ha ha.

  8. First security action we know of by Anonymous Coward · · Score: 0

    This is the first time we hear about these people actually protecting the people, instead of only hoarding vulnerabilities or means to make false flag ops. What a nice change.
    Let's hope this encourages other countries to do the same and forces antivirus companies to do the same as Kaspersky did: catching NSA malware too.

    1. Re:First security action we know of by AHuxley · · Score: 1

      AC, it's not a change. The USA does not need malware, it has what PRISM was, a direct path in and out.

      --
      Domestic spying is now "Benign Information Gathering"

  9. Malwr.com by Anonymous Coward · · Score: 0

    I can't wait for malwr.com to come back. It was great for independent researchers to download malware samples.