The Real Time Threat List

Righard Zwienenberg, ESET
Richard Ford, Florida Institute of Technology
Thomas Wegele, Avira

Tracking malware threats that users have encountered 'in the wild' has a long history, and is an excellent example of collaboration within the anti-virus industry. For over a decade, the industry has standardized on the WildList, founded by Joe Wells and currently run by ICSA Labs. For many years, this list of active threats has served testers, users, and developers well, but it is not devoid of problems. In particular, the change in the nature of online threats has left the WildList trailing the 'real-time' threat, making it unsuitable for effective 'in-the-wild' testing.

In this presentation we explore the shortcomings of the WildList, and introduce our solution, the Real Time Threat List (RTTL). This list, hosted and sponsored by AMTSO, is based upon Avira's sample sharing system, and is designed to provide a real-time view of threats as they are found in the wild. The list allows for customization of queries to provide testers with information about specific threats in specific regions, as well as several other interesting test scenarios.

The design of the RTTL is such that all AMTSO members can contribute samples to the system. Furthermore, the system lowers the workload for many vendors who already participate in the existing Avira system. As such, we believe it represents a more forward-looking way to track and catalogue in-the-wild threats.

During the talk, we will show the prototype system, and also discuss how we see the system evolving and the new test scenarios that the RTTL enables.

VB2013 takes place 2-4 October 2013 in Berlin, Germany.
