Oldest AV myth/question answered

"Do AV Vendors write own malware?"

Yes they do! At least one does it. Next week.
http://sunbeltblog.blogspot.com/2009/09/malware-experience-brought-to-you-by.html

 

Is the advance coarse in Mac/Linux

Wonder how people will react when McAfee is always first in detection for new threats

Thanks for the heads-up.

 

Reply from McAfee in comment section(http://www.haloscan.com/comments/alexeck/974923028625162068/#421115):

Gents,

Let me address your concerns. We are NOT creating new malware nor are we showing others how to create malware. We are allowing our customers to get firsthand experience with existing malware and malware tools to educate them on what it is that is out in the wild hunting them and their users. This will be done in a secure environment with no connectivity. No one will be allowed removable media or storage devices. All malware and associated toolkits that we are using are currently detected and protected against.

Again, we are not teaching coding or teaching people how to write malware nor would we ever. We are allowing them to interact and experience malware in a controlled environment to get a better understanding of what we are protecting them and their users from.

Best regards,

Dave

Dave Marcus
Director, Security Research and Communications
McAfee Avert Labs

 

With all the respect to Inspector Clouseau, I see nothing wrong here. Do you really believe that the guys who write malware are waiting for McAfee's guidance. Theoretically I could agree with you but honestly I see nothing tragic here.

 

Yes, sure its nothing tragic, just a bad choice of wording - More likely to be a PR stunt, trying to get people through the door and then showing how amazing McAfee is.

... but judging by the advertisement (if it is correct), I think there is a big problem with showing people how to create malware, people start somewhere and climb up from there. Consider the day as a day in nursery?
Of course the hardcore hackers/malware authors wont care about this, but the n00b will - (and most hackers/authors were n00bs at some point).

 

A few good reasons there lol.

I can understand your initial reservations about such a course, but McAfee certainly are not the only ones doing it, or anywhere near the first to do so, for eg here's just one -

Ethical Hacking: Penetration Testing and Certified Ethical Hacker - http://www.infosecinstitute.com/courses/ethical_hacking_training.html

So if it's ok/legal for others, why not McAfee, or any other Anti etc company for that matter ?

If they are able to teach those who want to learn, maybe to have a career in Anti's etc, what's wrong with that ?

Also i can't really see script kiddies or the baddies attending these sessions, can you ?

Of course i fully expect that whatever Malware McAfee have coded, will be detected etc during this " Limited seating available " session !!! So not real world, but i would say a useful exercise, to those who express an interest. If i had the chance to go, i think i would, and report back.

 

This is unethical. And it’s the wrong approach to teaching awareness and understanding of malware. This would be like your local police giving a crash-course on how to plan and execute the perfect robbery -- yet to avoid public criticism, they teach it in a ‘safe environment’: your local police station.

water-tight argument. I do not see how these actions are supposed to help the users.

 

I didn't quite get the target group for the course.


If it's for IT security then I can certainly understand this. Kinda similar like with bookkeeppers and accountants, they need to know how to commit fraud in order to detect it similarly, IT security personnel need experiences and insight into how malware works.

 

I will never understand why people think that writing malware is required to understand malware. But then, it might be a bit more effective than those people who read a few av blogs and think they are perfect av experts...

 

mcafee and norton...........no comments these are the story of viruses in pc's its all about money

 

I don't see the harm of it, a deeper understanding is nothing bad.

 

This reminds me of Dr Web.The developer of Dr Web has said sometimes they will write some virus to have fun .

 

You must be coder then?

I am not, and for me malware is something which I don't properly understand. I can read and observe what it does, but how and why it does that is beyond me.

What harm is there in deeper understanding that could make more efficient in this particular field (especially if I wish to pursue career path in IT security)?

I'd be nothing more than glorified script kiddie at present. Using tools others created, without having any deeper understanding of things.

 

Well this phrase is a mystery to me too. If you intend that they just copy malware code, modify it a bit and then release it under other names...then ok...but I have never seen a coder write something new without understanding it.

 

I see nothing wrong with what McAfee is doing. They are simply educating the masses, as to what these malware are, and what they are capable of. We all know MALWARE is a big issue, McAfee I applaud them for being leaders and showing people the dangers of malware.

 

There are tons of good reverse engineering and analysis tools which you can use to analyse and *fully* understand the function and structure of malware. There is absolutely no need to write malware in order to understand it.

 

I think, no, I know, that if Stefan and IC are saying so, then it is so. To dispute what they are saying is about as pointless as changing your avatar every day.

 

You don't need to know how to design an engine to service/repair one either. But i'm sure a lot of mechanics might like to, if given the chance.

People in the AV/Anti business don't have exclusive rights to info/knowledge, even if some of them might like to think so !

 

It looks like it's all to do with a bad choice of words on McAfee's part. Personally I would have thought direct communication with them would have been the way to go rather than having this hornet's nest of a debate going on. The situation would probably have been resolved after a couple of emails or so.

PS: I note McAfee have changed their wording on the details for this event.

 

I remember PrevX and BBC teamed up to do something similar. They bought a botnet and then used to it to SPAM, DDoS.

Details and video info at:
http://blogs.zdnet.com/security/?p=2868

Here is a now offlined Sophos Blog over the issue:
http://74.125.155.132/search?q=cach...12/bbc-break-law-botnet-send-spam/&cd=7&hl=en


If that was not a big deal, then what is the fuss about McAfee Avert ?? They're at least are doing it in a closed environment (and not with real people as bots), plus its at a seminar (and not broadcast on TV/Net).

 

they didnt say that. people just thought that since they was the only antivirus to detect a certain rootkit once loaded they created it which is not true. other companies detected it once loaded after that.

 

I personally don't mind that some people (I guess not everyone is invited) learn more about how to create malware.

It's not an in-depth course.

Learning how to create malware by common malware creation tools and a bit more can give one some insight about the threats.

Seriously, there is a flood of dangerous malware out there, would exposing some people to these tools create a serious threat for the public ?

Not that different from disclosing a vulnerability that hasn't been patched yet.

If it were abused the AV vendors would have to deal with more signatures. Just a tiny %.


Just my 2 cents.

 

Fly, you don't understand. Using a construction kit will teach you nothing about how malware does work or how you can protect against it.
And before writing real, serious malware, you first have to learn about so many things. Of course, everyone is free to do so! All the information is available on the net, all the tools are freely available! You just have to dig a little bit.
There are tons of malware samples available for everyone, more than you ever will be able to analyse in your entire lifetime.
AFTER you learned all these things, you will be able to write malware (using a kit is not writing malware), but the creation process will not deepen your knowledge really any further. And what you do with your shiny new malware? Good things, I bet. Yeah sure.

The AV people are not hiding or blocking any information - we just have way too many new malware samples every day to think it's funny when someone teaches the public to write even more malware. Yes, please learn about how malware works! We need skilled people badly! But it seems that most of those went over to the dark side already.

 

Stefan, when you say the darkside, where is the profit. I mean so you become a bad guy, where is the monetary incentive. Compared to folks like you, Marcos and the rest here who work for a legit vendor and have a paid salary. Quite good I hear to.

My point is I have seen where it is just the opposite. Some really good malware writers have become the good guys, no names please. I mean if I could do it, and was good at it, I would be sending my resume to Avira, well, maybe Norman. I think most of these dudes do it because they are:
1. talented
2. young and have no clue of responsibility in life
3. Or are just plain screwed up.