« May 2010 · November 2010 · February 2012 »
|
|
| |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
- 13.09.2010: Prolific DDoS Bot targeting many industries
- 15.08.2010: Spam using RU domains - Who's your nameserver?
- 13.08.2010: See below.
- 02.08.2010: Of Opinions and Anti-Virus Testing
- 05.07.2010: Lies, Damn Lies, and Botnet Size
Friday, 13 August 2010
Binary Whitelisting Service
The Shadowserver Foundation has built a new public service offering to allow anyone to test the MD5's or SHA1's of binaries to see if they are already in a known set of software. This is a free and public service for anyone to use.
We have noticed that in the gathering of malware directly and from other sources, that known good software leak into the feeds fairly regularly. This occurs for many reasons, most of which are just part of the processing of malware. This contamination can cause issues as samples are shared and tested within the community. We have seen the cascading problem of shared malware samples that could have already been known as good.
The initial offering is taking the lists from NIST ( http://www.nsrl.nist.gov/). Over time we plan on adding to this from other sources when made available. Access will be via HTTP and the responses via a JSON object for ease to include in your test programs.
You can read more about the specifics of the usage here:
http://bin-test.shadowserver.org/
As always, if there are any questions, please let us know.
=>Posted August 13, 2010, at 01:46 PM by freed0
