Date:         Thu, 5 Apr 2001 22:26:49 -0600
From: Ryan Russell <ryan@SECURITYFOCUS.COM>
Subject:      Malware Repository
To: INCIDENTS@SECURITYFOCUS.COM

As part of the ARIS project, SecurityFocus would like to announce that we
will be maintaining a repository of malware samples that have been
captured in the wild.  This will include worms, packet dumps, and similar
binaries.

Our hope is that this will aid individuals who need copies of such
software in order to perform analysis on them.  This should assist efforts
in the following ways:

-Obviate the need for people to make requests on the mailing lists for
copies
-Provide a central spot to get all known copies in order to look
for variants
-Provide a spot for people to host malware samples, if they
are hesitant to do so on their own equipment
-Generally speed up turnaround time for people who need these to update
IDS rules, mail filters, etc..

We will be crediting the individuals who supply us with samples, unless
they wish to remain anonymous.  The archive will be open to the general
public.  In addition to the malware we will be linking to relevent
artciles, white papers, IDS signatures, etc... for each item of malware.
We will be depending on the community to provide us with samples.  Please
mail any relevent binaries or links to malware@securityfocus.com , and let
us know if you do not wish to be credited.  As new items are posted, we
will drop a note to the incidents list for items that warrant it.

These pages will be available by the end of next week, following the RSA
conference in San Francisco (if you will be there, please stop by the
SecurityFocus booth and say hello.  I'll be there on and off every day.)

Initially, the page will contain samples for Ramen, Lion, and Adore, plus
anything else that comes out between now and then.  We will be maintaining
copies of new items from now on, and will not be making an attempt to go
back in time to get a complete collection, unless someone wants to
volunteer a personal collection.

					Ryan