The media drew attention to an interesting project that began work in mid-January: an information security expert created a website where he collects information about vulnerabilities in malware.
Information security specialist and bug hunter John Page got bored during the quarantine and eventually created the MalVuln website, where he collects data on bugs and vulnerabilities found in the code of various malware. Page hopes that other information security experts can use this information to disable and remove malware on infected hosts during incident response.The site is a typical portal for disclosing data on vulnerabilities. It lists the name of the problematic software (the name of the malware), provides technical details of the bugs found, and publishes the PoC exploit code so that other researchers can reproduce the problem.
Currently on MalVuln are posted the details of 45 vulnerabilities. Some of these reports are about current threats like Phorpiex (Trik), but you can also find descriptions of problems in older malware like Bayrob.
Moreover, Page told ZDNet that he found all these bugs himself.
“There have been no outside applications and I am not currently accepting them”, — says the researcher.
Although the site contains a PGP key, it is planned to receive information on vulnerabilities from other specialists in the future.
ZDNet journalists note that the creation of MalVuln touches on a very sensitive topic that is rarely openly discussed in the information security community. The fact is that for decades information security specialists have been hacking malware and conducting covert operations against hackers, exploiting various errors and vulnerabilities in their malware code.
“For example, it is not uncommon for the ‘good guys’ to break into malware control servers in order to obtain data on victims, or use errors in the malware’s code to disable and remove it from infected systems”, – ZDNet journalists clarify.
Due to this fact, many are unhappy with the launch of MalVuln, because the site reveals the carefully guarded secrets of information security experts and indirectly helps operators of malicious programs by pointing out errors in the code, which ultimately interferes with the effective work of specialists.
Page states that he does not care about such criticism, and he does not plan to stop:
“I going about my job and am not responsible for the data. Usually such opinion is expressed by the same people who believe that vulnerabilities in should not be public, because it helps attackers.”
Let me remind you that Malware spreads and downloads payloads from paste-sites.
