
Georgia Tech Launches "Titan" Malware Analysis System

wiredmikey writes "A new malware intelligence system developed at Georgia Tech Research Institute is helping organizations share threat intelligence and work together to understand malware and cyber attacks. Dubbed "Titan", the system lets members submit threat data and collaborate on malware analysis and classification. Unlike some other systems, members contribute data anonymously so no one would know which specific organizations had been affected by a specific attack. Titan users also get reports on malware samples they have submitted, such as the potential harm, the likely source, the best remedy, and the risks posed by the sample. The analysis is based on what GTRI researchers learn by reverse-engineering the malware. The project currently analyzes and classifies an average of 100,000 pieces of malicious code each day and growing. While other information sharing initiatives have been launched, many are by vendors, which sometimes sparks concern that the vendor may have some bias, and may be pushing a certain product. Not the case with Titan."
  • by Anonymous Coward on Sunday August 12, 2012 @07:43AM (#40963413)

    The UK Government tried doing this - the IT Security section of CCTA acted as an independent malware clearing house - in the 1990s. They received reports from all the AV companies, merged and anonymised them and then made the cleaned data available to the industry. Then 9/11 happened, the IT Security section of CCTA was closed down and responsibility given to GCHQ, and all interaction with industry was halted....

  • by Anonymous Coward on Sunday August 12, 2012 @08:12AM (#40963489)

    One of the problems is that any company that does malware analysis or is involved in malware considers a malware binary or a malicious URL to be their intellectual property. It is difficult or impossible to have one-directional information sharing with a company like the one that I work for. Even two-directional sharing is close to impossible. Examine all of these crowd-sourced projects really closely and you'll find that the information does not flow freely out of these projects as easily as it flows in. Usually the organization behind the project (funding the project) is a company like mine and they are benefiting from the free info that people are volunteering. These projects are thought up as ways to get people to give them malware binaries and more data without giving something back. The way to test is to find out how easy or difficult it is to get this project to give you a feed of their collected data. If they give it to you without much of a fuss (à la Phishtank), they're probably a real collaborative organization. On the other hand, if they make it difficult to impossible to get a data feed (VirusTotal, Anubis), they're a front for one or more security companies. The ones that are especially insidious are the ones associated with universities (Anubis). The association with the university adds legitimacy and the look of openness, but really the data still flows in one direction to a corporate entity.
