Malware contest is going on!

Submitted by Kai on Wed, 2008-10-01 08:51.

malware

Spylogic pointed me to this interesting challenge.

It turns out that the Ohio information Security Summit is hosting (and dishing out prizes too) to people who try to analyze malware and document their findings. The contest is open Oct. 1 to Oct 26, and I just love it!

Howow - hold yer horses. Malware, you said? So this gotta be dangerous? Yes? Ok. Let us check their FAQ:

"Are you using real malware? Isn't that dangerous?

Yes and yes. The malware being used in the test is malware we pulled from the wild. It will infect machines it is run on so you should take every precaution to

ensure you do not infect machines or networks you do not mean to."

Ah, so I need to use my lab for this.

Seriously, I think this may be a nice way to create awareness and interest for malware out in the jungle. Unfortunately for me, I will be nowhere near Ohio in October, but I will give it my best shot anyway. First, let me find an old, battered computer I can use for this test...

malware, spylogic

Kai's blog

Interesting, but for awareness value, I prefer...

Submitted by Scott Wright (not verified) on Sat, 2008-10-04 18:34.

Interesting, but for awareness value, I prefer to do "simulated" malware handling in a more controlled and targeted environment. To see what I mean, you can visit my Honey Stick Project site at http://www.honeystickproject.com, where I show the effects of detecting real use of potentially risky USB devices by real humans in the wild. I am in the process of putting up a free service that will let people test in their own enterprise. The key is that "NO SOFTWARE IS LOADED ON THE USB DRIVES, OR ON THE USER'S COMPUTER". It's totally safe because it only uses " tags in HTML files. The competitions are good, and needed, I think. But for awareness value, other than a novelty, I'm not so sure. Why not measure your own environment? Thanks for highlighting this event. - Scott