FBI Launches Malware Investigator Tool

At the Virus Bulletin conference that took place in Seattle last week, the FBI introduced a tool designed to provide users with detailed technical information on malware.
In 2011, the FBI deployed a tool called the Binary Analysis Characterization and Storage System (BACSS). The tool provides technical information on malware functionality, which investigators and incident responders can use in their activities.

Since BACSS has been a success, the FBI decided to develop Malware Investigator, an unclassified automated malware analysis tool that can be used not only by other law enforcement agencies which might need it for cybercrime investigations, but also by researchers trying to understand the threat landscape, and private sector partners seeking to improve their cyberattack mitigation capabilities.

“Through Malware Investigator, the FBI will lead a collaborative effort with members of the law enforcement community, academia, and the private sector, to protect businesses deemed critical to the nation’s infrastructure. Malware Investigator will provide its users a trusted venue in which to investigate, analyze, study, and collaborate about malware threats,” the FBI said on the Malware Investigator website.

The agency believes such tools can be very useful because organizations that handle cyber security incidents must be able to quickly analyze suspicious files and share the results with other members of the community. In March, when the FBI first presented Malware Investigator, Unit Chief Steve Pandelides noted that the tool would also “provide the FBI a global view of the malware threat.”

At the Virus Bulletin conference, the FBI’s Jonathan Burns explained (PDF) that the tool provides users with the information they need to respond to incidents and further investigate, so that they don’t have to waste precious time waiting for the malware to be reverse engineered.

Malware Investigator is designed to analyze threats based on file hashes, correlation, comparison, virus scanning and sandboxing. In addition to a Web service, the FBI has also developed an API for entities that want to integrate the resource into existing systems, Burns said.

For the time being, Malware Investigator is only available to law enforcement via the Law Enforcement Enterprise Portal (LEEP). Private sector organizations will soon be able to access the service via InfraGard, the partnership between the FBI and the private sector.

It’s not a secret that the FBI is interested in collecting malware from multiple sources. Back in February, the agency announced that it was willing to pay for malware that would be used by the Investigative Analysis Unit (IAU) of the agency’s Operational Technology Division. The FBI said at the time that the collection of malware is “critical to the success of the IAU’s mission to obtain global awareness of malware threat.”

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.