Analytics
5/13/2014
03:35 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Free Malware Research Tool On Tap

Invincea to release a free research version of its FreeSpace forensics tool next week.

Security firm Invincea next week will release a free tool for researchers and forensics investigators to analyze a malware sample and experience firsthand its capabilities on a user machine, via a virtual container. The tool is a research edition of Invincea's FreeSpace endpoint software.

Anup Ghosh, founder and CEO of Invincea, says the research tool is basically the same FreeSpace tool it sells to enterprises, but it will have a link to Invincea's cloud-based malware threat intelligence analysis. "When they are out there on the web clicking on links that might be malicious and hit one that is, it protects their machine. The forensics from that is automatically uploaded to the cloud-based server and the source of it, anonymized," Ghosh says. "It's a safe place to do discovery, and the sharing... of forensics."

Ghosh says Invincea had enterprise researchers and forensics investigators in mind for the tool, such as those in financial services, defense, energy, healthcare, and the federal government. Invincea is working with the FS-ISAC to exchange data collected from its intelligence-sharing with Invincea's. "That [intel] will go right back into those community ISACs," he says. "These communities have done a good job in defining the format to be exchanged... but have not gone as far as to provide a tool to enable discovery and sharing content."

Invincea also has struck an alliance with ThreatGRID, a crowdsource-style intel-sharing service, for additional analysis of malware tested with FreeSpace Research Edition.

"This relationship enables someone from the security team to... get more information on this malicious sample. What are its actual attributes?" says Dov Yoran, CEO and co-founder of ThreatGRID.

Ghosh acknowledges that he hopes the offer of the free tool will help expand adoption of Invincea software, and that it's also a way to "give back to the community."

In addition to FreeSpace Research Edition, Invincea also will roll out a tool it demonstrated at last year's Black Hat USA conference -- CrowdSource, a machine learning-based reverse-engineering tool. 

"If you see an inbound spear phish, FreeSpace will click on all links and see if this was a real spear phish and whether it runs malware. If it did, what are the indicators of that? Then [the findings are] automatically shared with the community."

CrowdSource then would quickly provide information on all of the capabilities of the malware. "This would normally take hours for a highly qualified malware forensics analyst," says Ghosh. "Anyone can run this, and it tells you right away."

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
5/14/2014 | 9:38:07 AM
Exciting news!
I am excited to see how this tool compares to Cuckoo. Cuckoo works by running the executable in a virtual machine sandbox and analyzing the results. Cuckoo will return back screen shots of the installation process, files and registry keys accessed or modified, and any IP's or hosts contacted. Additionally, it will check the installed files against several signature files to see if it matches any known malware.

If you want to play around with Cuckoo, they have a free online version hosted at malwr.com. You can either upload your own executable (it doesn't have to be malware) and see the changes or look at some of the recent analysis done on the site.

Personally, I am looking forward to the Invincea tool because from article it appears to be more proactive. Based off this quote it appears the Invincea tool may sandbox your browser session from malicious code.
"When they are out there on the web clicking on links that might be malicious and hit one that is, it protects their machine. The forensics from that is automatically uploaded to the cloud-based server and the source of it, anonymized,"
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: just wondering...Thanx
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.