[funsec] Get your computer viruses here!

[Richard M. Smith]

This new Web site sounds a bit controversial.....

Richard 

-----Original Message-----
From: mvalsmith at gmail.com [mailto:mvalsmith at gmail.com] 
Sent: Thursday, December 22, 2005 5:05 PM
To: bugtraq at securityfocus.com
Subject: Malware sample site

Just wanted to let you guys know about a new computer security site at
http://www.offensivecomputing.net

The purpose of this site is to foster collaborative analysis, cataloging and
identification of malware in order to improve defense and awareness.
This was something myself and other colleagues have seen the need for a long
time but could never find anything similar because most malware collections
are either closed lists or corporate non-public collections.
This site is free and open to all.

The basic idea is to have a community site where you can search for malware
based on name or md5sum and get zipped copies.
People can upload their own samples of malware and collaborate on analysis
in a sort of a blog style. (think community commented disassembles, graphs,
ida databases, etc.)

I know there are some problems with the concept such as using md5sums but
its a start and has proven useful already.
I've got some malware collection stuff to help add to the database and I
have a small collection built up over the years that I am slowly adding as
well.

I've started it off with some copies of common stuff like welchia, sobig,
the sony drm rootkit, etc. and some minimal analysis.

This is NOT another Vx'ers site and the purpose isn't to propagate worms or
viruses but rather provide a medium for people to conduct collaborative
defense research with full access to the tools and samples.

We're interested in any feedback, collaborations, and ideas from the
community and have already gotten a ton of response since launching last
Friday.

have a good one,

V.