Dubbed Malvuln, a new project is up and running that aims at cataloging vulnerabilities in malware code thus turning the tide on the bad guys!.
About Malvuln Project
Security researcher John Page (with alias hyp3rlinx on Twitter) has created a website for logging vulnerabilities in malware.
Set up as Malvuln, the project aims at listing all sorts of bugs and vulnerabilities within malware code.
This logging will supposedly help security researchers in understanding malware weaknesses. For IT personnel, it will potentially help them in getting rid of the malware should active infection occur.
There are many websites already offering information about Malware like Hashes, IOC, Reversing etc.
However, none dedicated to research and analysis of vulnerabilities within Malware samples… until now
The project’s website presently lists 31 vulnerabilities (at the time of writing this article). Though, the list is growing quickly since first disclosed by Security Week.
The researcher came up with this idea during the COVID-19 lockdown. He announced the launch of the project via a tweet.
As stated on the website, all the vulnerabilities presently listed there were gathered by the researcher himself.
For now, he hasn’t invited any third-party contributions.
Is It Really That Useful?
Although, the researcher clearly aims at setting up this website for educational and research purposes.
However, Greg Leah, Sr. Director, Intel & Services at HYAS Inc., a cybersecurity firm, having such a critical project publicly exposed might also do the reverse. That is, it might instead facilitate the cybercriminals in fixing the weaknesses in their malware.
As he mentioned in his response to Page’s tweet,
Moreover, Page has also clearly alerted all website users to remain careful, especially, to avoid downloading any malware samples.
Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere.
Perhaps, it all depends on who uses this website and for what purpose. For now, let’s see in which direction this innovative project goes.
Let us know your thoughts in the comments.
1 comment
Comments are closed.
Add Comment