funsec mailing list archives

Malware sharing? People are full of shit [was: Get your computer viruses here!]


From: Gadi Evron <gadie () infragard org il>
Date: Wed, 28 Dec 2005 00:49:29 +0200

Blue Boar wrote:
> Drsolly wrote:
>
>> I already emailed with this guy to tell him about the reasons why he might not want to do this. I obviously failed.
>>
>> I don't see what the difference is, between this, and a VX site.
>
>
> The difference being that he isn't creating any new malware himself?
>
> I've often thought about putting up such a site myself, and may still do so someday. Of course, most people who work(ed) in the AV industry disagree with me on whether it's a good idea to allow public access to malware, so there you go.
>
> I haven't looked at his implementation details. My plans call for features which would prevent my site from being usable as a download site from victimized machines.

Here is how I changed my mind 180 degrees.

Sharing samples is a very problematic issue. It should be done with care. Also, it should be done by the rules of the one sharing. Period.

Further, it should be done in a white-hat baby-ass clean manner.

Other than that, not sharing samples has turned from a Good Thing to a way of preserving knowledge in the hands of a few.

Today, the Bad Guys have all the samples they want and more. The Good Guys don't, and the Good Guys are divided and would rather keep knowledge from the other Good Guys while the Bad Guys share.

Give me a break.

Researchers today need a source. Period. Hiding from the Good Guys what's in plain view for the Bad Guys is criminal.

The AV industry in this manner turned from being sane, to being full of shit.

Still.. I don't know this guy and there are WAYS of doing it and ways of being a blackhat.

He has a head-start as for most AV-ers he already is a blackhat.

If he does keep it clean, I would suggest he keeps it clean some more and just do his thing, ignoring the flamers and taking criticism from those who would give it.

Enough with this already.

Drsolly - you know what's out there, there are no longer practical reasons to keep MOST samples hidden. The moral grounds collapsed 2 years ago or so and traditions and marketing/status-fear keep it from changing.

If you re-examine this issue as not black and white and accept it is an issue not to be addressed in ABSOLUTE MORALITY such as nuclear weapons, I believe you will see it my way, or close.

I often don't need samples, at all. When I do I follow stricter guidelines than most, why? Because that's the way it's done and I respect that.
It has to change.

        Gadi.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

