Malware Domain List

Malware Related => Tools of the trade / Internet News => Topic started by: SysAdMini on September 28, 2009, 11:00:00 pm

Title: MalwareDiariesList? why not?
Post by: SysAdMini on September 28, 2009, 11:00:00 pm
http://blogs.paretologic.com/malwarediaries/index.php/2009/09/28/malwarediarieslist-why-not/

Quote
I am working on something similar to MDL (MalwareDomainList) for security researchers.

Our array of HoneyPots is collecting a lot of URLs and so far, we haven't been sharing them except for the occasional blogpost mentioning this or that URL.

We do currently share our HoneyPot samples with our partners which is good, but URLs do have a high value as well for security researchers.

Anyway, unlike MDL I plan on restricting the access for different reasons. Our current partners will have free access as an added bonus to our sample shares.

So stay tuned for this upcoming project.

Jerome Segura
Title: Re: MalwareDiariesList? why not?
Post by: cleanmx on September 28, 2009, 11:19:46 pm
hi @all

my 5 cents ...

bullshit.. why ? simply any collected url is in my opinion public domain.

to speak from partners, non-disclosure and all this stuff is not productive to keep the life-cycle of these criminal acts as short as possible.

-- gerhard
Title: Re: MalwareDiariesList? why not?
Post by: SysAdMini on September 28, 2009, 11:31:07 pm

to speak from partners, non-disclosure and all this stuff is not productive to keep the life-cycle of these criminal acts as short as possible.

-- gerhard

I agree completely.

In order to win this fight the security has to cooperate and share their findings. Disclosing as much as possible is a must.
Title: Re: MalwareDiariesList? why not?
Post by: cleanmx on September 28, 2009, 11:53:08 pm
i just registered on his blog and wrote a comment....

not yet published.... on his blog... here the content of my posting for reference...

-- gerhard

Quote
Hi Jerome,

I just came along within MDL to your article...


my 5 cents ...

bullshit.. why ? simply any collected url is in my opinion public domain.

to speak from partners, non-disclosure and all this stuff is not productive to keep the life-cycle of these criminal acts as short as possible.

this is a open invitation to you and your company to fully share all retrieved url to the community.

we @ netpilot dedicate bandwidth, storage and man power to consolidate these data, so we expect from your company to assist us by feeding your url's to our database.


-- gerhard

Title: Re: MalwareDiariesList? why not?
Post by: Serg on September 29, 2009, 09:41:39 am
I agree with cleanmx
Title: Re: MalwareDiariesList? why not?
Post by: SysAdMini on September 29, 2009, 02:46:22 pm
Jerome's answer:

MalwareDiariesList: the comments
http://blogs.paretologic.com/malwarediaries/index.php/2009/09/29/mdl/
Title: Re: MalwareDiariesList? why not?
Post by: Serg on September 29, 2009, 03:07:33 pm
I forgot to grab his face during vb >:(
Title: Re: MalwareDiariesList? why not?
Post by: cleanmx on September 29, 2009, 03:19:52 pm
my reply

subject: comments on your blog are *not* visible
Quote
Hi Jerome,

sorry if i had treated you in a somewhat rough way...

1) it was late in Germany
2) I had been slightly angry about your wording in your original post.
3) I'm not a hater, or similar ....

but

1) we are too not a charity organization
2) parts of our work will be public without any restrictions

so the main thing is to hide Url's and not giving them to researchers and consolidators in this business is not a really good idea, on the other hand you in turn use hphost, malwareurl, malwaredomainlist and probably clean-mx.

so please do not shut a door, think about this invitation.

-- gerhard

btw.

why is my comment not visible, only your quoted one ?
Title: Re: MalwareDiariesList? why not?
Post by: cleanmx on September 29, 2009, 03:25:45 pm
vb ? please help an old man to put things together


Quote
I forgot to grab his face during vb Angry
Title: Re: MalwareDiariesList? why not?
Post by: RS-232 on September 29, 2009, 03:44:57 pm
Quote
A lot of people don't know what they're doing and would just infect themselves.

Oh boy, it's once again the same old ideas (or should I better say 'excuses'), that make me yawn...
And I thought that by now, it should be clearly understood that we don't live in the 90s era anymore,
where vxers were occasionally publishing their stuff only to show off...
4600$ per day in their pocket for spreading malware and advertizing illegal pharmacy,
is a pretty good reason for me to consider any collected url as public domain, heh...  ;)

Quote
Other people would leverage that information to infect others (I don't want it to fall into the wrong hands).
Malware and its control is simply...already in the wrong hands, he-he - that's by nature to say so ;-)
For the over-cautious, well, obviously not all research info should be made public,
yet I think SysAdMini already described that in the most exact words above..."disclosing as much as possible is a must".
Title: Re: MalwareDiariesList? why not?
Post by: RS-232 on September 29, 2009, 03:48:54 pm
Quote
vb ? please help an old man to put things together

Quote
I forgot to grab his face during vb Angry

...I think it's Serg's invitation to him, but I somehow fear that MalwareDiaries will not accept it...  ;D
Title: Re: MalwareDiariesList? why not?
Post by: Serg on September 29, 2009, 03:51:30 pm
vb ? please help an old man to put things together


Quote
I forgot to grab his face during vb Angry

I've met Jerome on VB  2009 in Geneva. He speaks a lot...   
Title: Re: MalwareDiariesList? why not?
Post by: cleanmx on September 29, 2009, 04:12:22 pm
now I'm confused...

I did a short google on http://www.google.de/search?hl=de&source=hp&q=+MalwareDiariesList%3F+why+not%3F&btnG=Google-Suche&meta=&aq=f&oq=

and clicked on : http://www.google.de/url?sa=t&source=web&ct=res&cd=5&url=http%3A%2F%2Fwww.securitynewsportal.com%2Fsecurityblogs%2F&ei=eC_CSuKOOo3emAO6-4GyBg&usg=AFQjCNEWQ0n7jqfuDHGGy-VdAJNMWi_9fg&sig2=E4LWfTNMmBqKvGMSso-GmA

result: even the same if i use my home dsl proxy....
Code:

Your IP Range is Blocked


There is too much Bot and script kiddie activity originating from your IP range


Your IP has passed on. Your IP is no more. It has ceased to be. It is banned and gone to meet its maker
It is a stiff. Bereft of life, it rests in peace. It is pushing up the daisies. Its digital processes are now history.
It has kicked the bucket and shuffled off to IP banned heaven. YOU HAVE AN EX-IP


Exemptions to the blocking of your IP are available by request
Title: Re: MalwareDiariesList? why not?
Post by: SysAdMini on September 29, 2009, 04:19:20 pm
Your IP Range is Blocked

This is normal behaviour for this site. It happens to me daily.

See also:

http://www.malwaredomainlist.com/forums/index.php?topic=2205.0

Title: Re: MalwareDiariesList? why not?
Post by: malwarediaries on October 22, 2009, 02:55:57 am
Quote
I forgot to grab his face during vb Angry

I've met Jerome on VB  2009 in Geneva. He speaks a lot...   

What's up with all this anger?
By the way, I don't think I speak that much... I'm rather shy instead.

Who are you Serg? I don't remember meeting you in VB?

Jerome
Title: Re: MalwareDiariesList? why not?
Post by: malwarediaries on October 22, 2009, 03:06:41 am
I'm still working on the List, which I like to call Clearing House.

As far as people infecting themselves, I'd like to put a "Terms and Conditions" thing.... which basically would clear us of any liabilities.

People will have a username / password, very similar to what offensivecomputing does.

You know this public domain thing... Do you think that companies like Hitwise or Commtouch would give away their URLs for free? No way Jose... you have to pay. It takes money to run servers and what not. If you can pay the costs out of your own pocket then you must really be a good soul.

We already share samples with other companies / people. I think sharing URLs in the same way would be good.

We'll see.

Jerome
Title: Re: MalwareDiariesList? why not?
Post by: malwarediaries on October 22, 2009, 03:15:39 am

to speak from partners, non-disclosure and all this stuff is not productive to keep the life-cycle of these criminal acts as short as possible.

-- gerhard

I agree completely.

In order to win this fight the security has to cooperate and share their findings. Disclosing as much as possible is a must.

Hey SysAdmin, I'm cool to share stuff with other partners. Just not anybody out there.

I've always shared whatever malware I discover through our FTP server, which many of the top AV vendors have access to.

Also, on the blog posting links and such. So it's not like I'm retaining all the good stuff to myself.

Jerome
Title: Re: MalwareDiariesList? why not?
Post by: SysAdMini on October 22, 2009, 06:56:26 pm

to speak from partners, non-disclosure and all this stuff is not productive to keep the life-cycle of these criminal acts as short as possible.

-- gerhard

I agree completely.

In order to win this fight the security has to cooperate and share their findings. Disclosing as much as possible is a must.

Hey SysAdmin, I'm cool to share stuff with other partners. Just not anybody out there.

I've always shared whatever malware I discover through our FTP server, which many of the top AV vendors have access to.

Also, on the blog posting links and such. So it's not like I'm retaining all the good stuff to myself.

Jerome

Hi Jerome,

what about people are unable to pay for those information? What about people who are not famous researchers?
Aren't they worth to get those information ?

Don't take offence, but what you are planning looks only like another way of making money than a contribution to security.

Title: Re: MalwareDiariesList? why not?
Post by: malwarediaries on October 22, 2009, 10:55:57 pm


Hi Jerome,

what about people are unable to pay for those information? What about people who are not famous researchers?
Aren't they worth to get those information ?

Don't take offence, but what you are planning looks only like another way of making money than a contribution to security.




Hi,

I already share info with many independent security folks that I trust. They have access to a repo of malware samples, and I don't expect anything in return.
What happens is during the course of my blog or conferences I get to meet people, we chat and such and if the relationship is good, I open up the gates.

I find it important to establish trust in this industry. If you open up your service to the world, you have no control over who is going to use the information. You'll have people that steal your hard work and take credit for it, or worse use the info in their product and make money off your back without even saying thank you.

By the way, I'm not a famous researcher  ;)

Jerome

Title: Re: MalwareDiariesList? why not?
Post by: sparsha on October 23, 2009, 11:31:39 am
Hi Jerome,

Welcome to MDL!

We @ MDL have a simple mission "Bust the bad guys" and nothing more. We hope your contribution to security continues!

Cheers,
Sparsha
Title: Re: MalwareDiariesList? why not?
Post by: malwarediaries on October 23, 2009, 04:43:56 pm
Hehe thanks Sparsha... exposing the bad guys makes my day  ;D
Title: Re: MalwareDiariesList? why not?
Post by: cleanmx on October 23, 2009, 05:08:55 pm
Hi Jerome,

good decision to share your data

please provide us with a link or method to obtain these url's !

-- gerhard
Title: Re: MalwareDiariesList? why not?
Post by: malwarediaries on November 02, 2009, 11:57:57 pm
Update:

http://blogs.paretologic.com/malwarediaries/index.php/2009/11/02/mdl-url-clearing-house/
Title: Re: MalwareDiariesList? why not?
Post by: SysAdMini on November 03, 2009, 03:28:14 am
Thanks.  :)