FBI Opens Malware Investigator Portal

Friday, October 3, 2014 @ 04:10 PM gHale


The FBI opened its Malware Investigator portal to industry to share information on this type of cyber threat and to improve incident response.

The FBI wants to speed up the investigation process after an attack and allow private companies to respond on their own to infections involving a new strain of malware, without heavy reverse-engineering loads.


“Malware Investigator is a tool that provides users the ability to submit suspected malware files and within as little as an hour, receive detailed technical information about what the malware does and what it may be targeting,” said the official Malware Investigator portal.

“After submission, the report can get turned around in a matter of minutes to a matter of hours,” said Information crime unit chief Steve Pandelides. “It will enable our private partners to protect their company’s networks and help our state and local law enforcement partners further their investigations. It will also provide the FBI a global view of the malware threat.”

Malicious code submitted to the Malware Investigator portal could be correlated against other submissions and analyzed by FBI intelligence, which will produce detailed reports. Initially, it will work for Windows malware, and it will expand to collect other families of malicious code. This kind of analysis has immense value for malware analysts, who could track the evolution of malicious code over time and the capabilities of the APT groups and hackers behind a malicious campaign.

Malware would undergo analysis through fuzzy hashing (including section hashing), a virus scanning cluster, analysis of file system modifications, sandboxing and other techniques.

The FBI opened API access for organizations that plan to integrate the system into their architecture. In this way, private entities could benefit from the research done by the FBI with its analytic tools, including an automated malware analysis system known as the Binary Analysis Characterization and Storage System (BACSS), now used by the bureau enterprise-wide.

The BACSS system provides the FBI’s investigators and security experts with technical information about the malicious code used in an attack, as well as correlation with other infections.

As explained by law enforcement, the FBI began manual malware analysis in 1998, and over subsequent years it has designed its own tools to analyze the threats.
