Analytics
5/13/2014
03:35 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Free Malware Research Tool On Tap

Invincea to release a free research version of its FreeSpace forensics tool next week.

Security firm Invincea next week will release a free tool for researchers and forensics investigators to analyze a malware sample and experience firsthand its capabilities on a user machine, via a virtual container. The tool is a research edition of Invincea's FreeSpace endpoint software.

Anup Ghosh, founder and CEO of Invincea, says the research tool is basically the same FreeSpace tool it sells to enterprises, but it will have a link to Invincea's cloud-based malware threat intelligence analysis. "When they are out there on the web clicking on links that might be malicious and hit one that is, it protects their machine. The forensics from that is automatically uploaded to the cloud-based server and the source of it, anonymized," Ghosh says. "It's a safe place to do discovery, and the sharing... of forensics."

Ghosh says Invincea had enterprise researchers and forensics investigators in mind for the tool, such as those in financial services, defense, energy, healthcare, and the federal government. Invincea is working with the FS-ISAC to exchange data collected from its intelligence-sharing with Invincea's. "That [intel] will go right back into those community ISACs," he says. "These communities have done a good job in defining the format to be exchanged... but have not gone as far as to provide a tool to enable discovery and sharing content."

Invincea also has struck an alliance with ThreatGRID, a crowdsource-style intel-sharing service, for additional analysis of malware tested with FreeSpace Research Edition.

"This relationship enables someone from the security team to... get more information on this malicious sample. What are its actual attributes?" says Dov Yoran, CEO and co-founder of ThreatGRID.

Ghosh acknowledges that he hopes the offer of the free tool will help expand adoption of Invincea software, and that it's also a way to "give back to the community."

In addition to FreeSpace Research Edition, Invincea also will roll out a tool it demonstrated at last year's Black Hat USA conference -- CrowdSource, a machine learning-based reverse-engineering tool. 

"If you see an inbound spear phish, FreeSpace will click on all links and see if this was a real spear phish and whether it runs malware. If it did, what are the indicators of that? Then [the findings are] automatically shared with the community."

CrowdSource then would quickly provide information on all of the capabilities of the malware. "This would normally take hours for a highly qualified malware forensics analyst," says Ghosh. "Anyone can run this, and it tells you right away."

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
5/14/2014 | 9:38:07 AM
Exciting news!
I am excited to see how this tool compares to Cuckoo. Cuckoo works by running the executable in a virtual machine sandbox and analyzing the results. Cuckoo will return back screen shots of the installation process, files and registry keys accessed or modified, and any IP's or hosts contacted. Additionally, it will check the installed files against several signature files to see if it matches any known malware.

If you want to play around with Cuckoo, they have a free online version hosted at malwr.com. You can either upload your own executable (it doesn't have to be malware) and see the changes or look at some of the recent analysis done on the site.

Personally, I am looking forward to the Invincea tool because from article it appears to be more proactive. Based off this quote it appears the Invincea tool may sandbox your browser session from malicious code.
"When they are out there on the web clicking on links that might be malicious and hit one that is, it protects their machine. The forensics from that is automatically uploaded to the cloud-based server and the source of it, anonymized,"
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Threat Intel Today
Threat Intel Today
The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-2413
Published: 2014-10-20
Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/modules.php.

CVE-2012-5244
Published: 2014-10-20
Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to...

CVE-2012-5694
Published: 2014-10-20
Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the (1) agentPhNo, (2) controlPhNo, (3) agentURLPath, (4) agentControlKey, or (5) platformDD1 parameter to frameworkgui/attach2Agents.p...

CVE-2012-5695
Published: 2014-10-20
Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrators for requests that conduct (1) shell metacharacter or (2) SQL injection attacks or (3) send an SMS m...

CVE-2012-5696
Published: 2014-10-20
Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 does not properly restrict access to frameworkgui/config, which allows remote attackers to obtain the plaintext database password via a direct request.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.