Date: Thu, 5 Apr 2001 22:26:49 -0600 From: Ryan Russell <ryan@SECURITYFOCUS.COM> Subject: Malware Repository To: INCIDENTS@SECURITYFOCUS.COM As part of the ARIS project, SecurityFocus would like to announce that we will be maintaining a repository of malware samples that have been captured in the wild. This will include worms, packet dumps, and similar binaries. Our hope is that this will aid individuals who need copies of such software in order to perform analysis on them. This should assist efforts in the following ways: -Obviate the need for people to make requests on the mailing lists for copies -Provide a central spot to get all known copies in order to look for variants -Provide a spot for people to host malware samples, if they are hesitant to do so on their own equipment -Generally speed up turnaround time for people who need these to update IDS rules, mail filters, etc.. We will be crediting the individuals who supply us with samples, unless they wish to remain anonymous. The archive will be open to the general public. In addition to the malware we will be linking to relevent artciles, white papers, IDS signatures, etc... for each item of malware. We will be depending on the community to provide us with samples. Please mail any relevent binaries or links to malware@securityfocus.com , and let us know if you do not wish to be credited. As new items are posted, we will drop a note to the incidents list for items that warrant it. These pages will be available by the end of next week, following the RSA conference in San Francisco (if you will be there, please stop by the SecurityFocus booth and say hello. I'll be there on and off every day.) Initially, the page will contain samples for Ramen, Lion, and Adore, plus anything else that comes out between now and then. We will be maintaining copies of new items from now on, and will not be making an attempt to go back in time to get a complete collection, unless someone wants to volunteer a personal collection. Ryan