SEATTLE–The FBI has developed an internal malware-analysis tool, somewhat akin to the systems used by antimalware companies, and plans to open the system up to external security researchers, academics and others.
The system is known as Malware Investigator and is designed to let FBI agents and other authorized law-enforcement users upload suspicious files. Once a file is uploaded, the system runs it through a cluster of antimalware engines, much as VirusTotal handles submissions, and returns a wide variety of information about the file: the detection rate among the AV engines, whether the system has seen the file before, the network connections it attempts, the source and destination IP addresses involved and the protocols it uses.
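To make the shape of such a portal concrete, here is an added example of a minimal triage pipeline of the kind just described. It is not the FBI's code and was not shown at the talk; the three heuristic "engines", the `MalwareInvestigatorLike` class, the sample (the EICAR test string with a few constructed suspicious strings appended) and the sandbox-style `proto src -> dst` log format are all assumptions made for illustration. It hashes each submission so a re-upload is recognised as seen before, aggregates per-engine verdicts into a detection rate, and summarises source IPs, destination IPs and protocols from the network log.

```python
"""Toy malware-triage pipeline modelled on the portal described above.

Not the FBI's code: the engines, sample and log lines below are constructed
for illustration. A real deployment would swap the heuristic engines for
real scanners and the in-memory dict for a database.
"""
import hashlib
import json
import math
import re
from collections import Counter

# Constructed sample: the EICAR anti-virus test string (which real engines
# detect by convention) plus a couple of strings a heuristic scanner might flag.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
SAMPLE = EICAR + b"\r\nhttp://203.0.113.7/update cmd.exe /c"

# Constructed sandbox network log in a hypothetical "proto src -> dst" format.
NETWORK_LOG = """\
tcp 10.0.0.5:49152 -> 203.0.113.7:443
udp 10.0.0.5:53411 -> 198.51.100.53:53
tcp 10.0.0.5:49153 -> 203.0.113.7:443
tcp 10.0.0.5:49154 -> 203.0.113.9:8080
"""

CONN_RE = re.compile(
    r"^(?P<proto>tcp|udp)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; packed or encrypted payloads sit close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


# Three hypothetical engines. Each returns a verdict name, or None for clean.
def engine_signature(data: bytes):
    return "EICAR-Test-File" if b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE" in data else None


def engine_entropy(data: bytes):
    return "Heuristic.Packed" if shannon_entropy(data) > 7.0 else None


def engine_strings(data: bytes):
    markers = (b"cmd.exe", b"powershell", b"CreateRemoteThread", b"http://")
    return "Heuristic.SuspiciousStrings" if any(m in data for m in markers) else None


ENGINES = {
    "sig-engine": engine_signature,
    "entropy-engine": engine_entropy,
    "strings-engine": engine_strings,
}


def parse_connections(log: str) -> dict:
    """Summarise connection attempts, protocols and IPs from sandbox output."""
    conns = [m.groupdict() for m in map(CONN_RE.match, log.splitlines()) if m]
    return {
        "connection_attempts": len(conns),
        "protocols": sorted({c["proto"] for c in conns}),
        "source_ips": sorted({c["src"] for c in conns}),
        "destination_ips": sorted({c["dst"] for c in conns}),
    }


class MalwareInvestigatorLike:
    """Hypothetical submission store keyed by SHA-256, so re-uploads are linked."""

    def __init__(self):
        self._seen = {}  # sha256 -> first report for that file

    def submit(self, data: bytes, network_log: str = "") -> dict:
        sha256 = hashlib.sha256(data).hexdigest()
        if sha256 in self._seen:
            prior = self._seen[sha256]
            prior["submissions"] += 1
            return {**prior, "seen_before": True}
        verdicts = {name: engine(data) for name, engine in ENGINES.items()}
        flagged = sum(v is not None for v in verdicts.values())
        report = {
            "sha256": sha256,
            "seen_before": False,
            "submissions": 1,
            "verdicts": verdicts,
            "detection_rate": f"{flagged}/{len(ENGINES)}",
            "network": parse_connections(network_log),
        }
        self._seen[sha256] = report
        return report


if __name__ == "__main__":
    portal = MalwareInvestigatorLike()
    print(json.dumps(portal.submit(SAMPLE, NETWORK_LOG), indent=2))
    print(json.dumps(portal.submit(SAMPLE), indent=2))  # second upload: seen_before
```

Keying the store on a content hash is what lets a portal answer "has this been seen before" and correlate a researcher's upload with earlier submissions without needing any identity information from the submitter.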
The portal, launched in August, is available to law enforcement officials right now, but Jonathan Burns, an FBI agent who works on cybercrime, said in a talk at the Virus Bulletin conference here last week that the FBI is developing a separate portal for outside experts. That system will allow security researchers and others to upload suspicious files they've collected and get correlation information and any other data the FBI has on them or related files.
“We are essentially in this to collect samples. The more we can provide tools out to law enforcement and industry to fight cybercrime, the more we’re helping the government fight cybercrime,” Burns said. “This is a collection tool for the FBI.”
Right now, Malware Investigator is able to analyze Windows executables, PDFs and other common file types. But Burns said that the bureau is hoping to expand the portal’s reach in the near future.
“We are going to be doing dynamic analysis of Android files, with an eye toward other operating systems and executables soon,” he said.
Burns emphasized that private users of Malware Investigator won’t have to share any personal information in order to use the portal.
“You don’t have to share anything you don’t want to. No one will know who you are unless you want them to,” he said.