Home > Articles > Security > Network Security

  • Print
  • + Share This
From the author of

In 2004 Seth Fogie and I co-wrote a rather controversial article on the Dust virus, which we were also to first to analyze. Parts 2 and 3 of that series were independent articles written by Ratter, a virus author from the group 29A. In them he explains that he has never released malware into the wild, and that he was providing the code simply as proof of concept. (For the record, Seth Fogie, my co-author on Part 1 of that series, was strongly against publishing that code.)

Publishing exploit code and source code is still controversial. For example, many commercial companies do not want flaws in their software revealed. However, time has shown that many companies will hide their flaws, to the detriment of the public, unless the actual exploit code is revealed.

In the general security community, it seems that the concept of "security through obscurity" has long been discredited. However, a small number of antivirus vendors are still strongly against re-publishing malware code in any form, even if it is already in the public domain (and readily accessible by anyone via free Internet download). Many of this small minority complained quite vocally. Part of this may be an emotional response. Many antivirus vendors are security firms are sensitive to repeated (although not proven) criticism that they occasionally hire virus writers and black-hat hackers. This may be why the Dust article hit a nerve.

To the credit of Informit, they decided to publish the article anyway. However, we are respectful of everyone's feelings. We believe in freedom of the press, but we also that the press should take great care not to offend anyone, if at all possible. For this reason, we subsequently formed the Mobile Antivirus Researchers Association. This allowed us to share code and examples within a more strictly controlled environment of established researchers.

About the Mobile Antivirus Researchers Association (MARA)

MARA members are composed of antivirus companies, major security companies, CISSPs, university professors, and authors who have written some of the leading technical security books in the world. Members have to abide by a strict, written code of ethics. In fact, if you are interested in the field of mobile research and have the appropriate credentials, then we need you! We invite you to consider joining MARA at http://www.mobileav.org. Membership in MARA is free.

In addition, MARA provides samples of malware to antivirus vendors and other parties that have a legitimate research need. There is absolutely no requirement to become a MARA member. We are happy provide samples even if you choose not to join MARA. In this case, we simply ask you to sign a mutual trading and ethics agreement. Trading malware is a sensitive business; for ethical and legal reasons there should be a written chain of custody. And if an antivirus vendor prefers not to use the MARA agreement, then they are welcome to suggest one that is to their liking.

  • + Share This
  • 🔖 Save To Your Account