Building your own DATA base of ...

Spud1200

Would it be possible to build your own DATA base of virus definitions and/or use viruses themselves to detect and remove a given piece of malware from a system?

I'm looking at this from the angle of an external HDD full of viruses, and thus using the HDD through an Ethernet or some sort of connection to a given network, with a program to cross-reference in real-time scanning, say 24/7, along with the incoming ports on your router/modem. I'm thinking it would take some sort of coding to be able to bridge the viruses and the protecting network with some sort of firewall.

I will say, if you have, say, 10GB of virus DATA, or should we say malware DATA, would it be best to keep the signatures or the actual viruses, in regards to building the DATA base up from scratch?
 
> Would it be possible to build your own DATA base of virus definitions and/or use viruses themselves to detect and remove a given piece of malware from a system?
Yes, it's called anti-virus :p

There are issues with keeping full samples of viruses - or hashes thereof - for comparison which is that many viruses are polymorphic ("A virus that changes its virus signature (i.e., its binary pattern) every time it replicates and infects a new file in order to keep from being detected by an antivirus program.").

This is why most modern AVs use heuristics to determine the likelihood that a given process is that of a virus.
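
Added example, not part of the original posts: a minimal three-tier scanner showing why a database of full-sample hashes breaks on any changed copy, where a byte-pattern signature still helps, and where only a heuristic is left. The "samples" are constructed, harmless byte strings; the marker, the keystream encoding that stands in for a polymorphic copy, and the 7.2 entropy threshold are assumptions for illustration.

```python
import hashlib
import math
from collections import Counter

# Constructed, harmless stand-ins. MARKER plays the role of a malicious routine.
FILLER = b"ordinary program bytes " * 90
MARKER = b"DEMO-MALICIOUS-ROUTINE"
BODY = FILLER + MARKER

def keystream(key: bytes, n: int) -> bytes:
    """Deterministic keystream (SHA-256 in counter mode) used to re-encode a copy."""
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]

def re_encode(body: bytes, key: bytes) -> bytes:
    """Stand-in for a polymorphic copy: same content, different bytes per key."""
    return bytes(a ^ b for a, b in zip(body, keystream(key, len(body))))

SAMPLES = {
    "original": BODY,                          # the exact file the database was built from
    "one_byte_appended": BODY + b"\x00",       # trivially altered copy
    "re_encoded": re_encode(BODY, b"copy-1"),  # every byte differs from the original
    "clean": FILLER,                           # benign file without the marker
}

HASH_DB = {hashlib.sha256(BODY).hexdigest()}   # "keep the full sample (or its hash)"
PATTERN_DB = [MARKER]                          # "keep a signature" (byte pattern)

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted or packed data approaches 8."""
    counts = Counter(data)
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())

def scan(data: bytes) -> str:
    if hashlib.sha256(data).hexdigest() in HASH_DB:
        return "hash match"
    if any(pattern in data for pattern in PATTERN_DB):
        return "pattern match"
    if entropy(data) > 7.2:                    # heuristic: suspicious, not proof
        return "heuristic: high entropy"
    return "clean"

def scan_all() -> dict:
    return {name: scan(data) for name, data in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in scan_all().items():
        print(f"{name:18} {verdict}")
```

The entropy check also fires on legitimately compressed or encrypted files, which is why a heuristic result is a likelihood to be weighed with other signals rather than a verdict.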
 
> Yes, it's called anti-virus :p
>
> There are issues with keeping full samples of viruses - or hashes thereof - for comparison which is that many viruses are polymorphic ("A virus that changes its virus signature (i.e., its binary pattern) every time it replicates and infects a new file in order to keep from being detected by an antivirus program.").
>
> This is why most modern AVs use heuristics to determine the likelihood that a given process is that of a virus.

This. Plus, I can only imagine how difficult it would be to keep it updated with the latest and greatest definitions. Unless you're going to start a full-fledged company out of it, you would probably do best just downloading an AV software.
 
It could be an interesting project to try and build up, but not much further than that. Maintained virus databases are already available, and as more people contribute to them, would have more up-to-date information anyway.
 
> It could be an interesting project to try and build up, but not much further than that. Maintained virus databases are already available, and as more people contribute to them, would have more up-to-date information anyway.

Would you be able to provide more info on this, such as where I could download full samples or if there are any online archives?
 
> Would you be able to provide more info on this, such as where I could download full samples or if there are any online archives?

I'm on a private torrent tracker with about ~2TB of malware samples (it's all legal, mods; it's for academic research purposes). I might be able to give you an invite. If not, I can put some sets of them on my server and you can just download them normally.

http://virusshare.com/
 
If not handled correctly you could be playing with fire. Set up a sandbox on your computer before you download any full sample.
 
> If not handled correctly you could be playing with fire. Set up a sandbox on your computer before you download any full sample.

Also good to be aware that even VMs can spread to the host OS - ideally you'd have a completely segregated system (including from your network) to do this sort of testing/playing around on.
 
That's an excellent idea. Make an image of the system in the before state and back up the BIOS.
 