Connect with us

Hi, what are you looking for?


Malware & Threats

FBI Launches Malware Investigator Tool

At the Virus Bulletin conference that took place in Seattle last week, the FBI introduced a tool designed to provide users with detailed technical information on malware.

At the Virus Bulletin conference that took place in Seattle last week, the FBI introduced a tool designed to provide users with detailed technical information on malware.

In 2011, the FBI deployed a tool called the Binary Analysis Characterization and Storage System (BACSS). The tool provides technical information on malware functionality, which investigators and incident responders can use in their activities.

Since BACSS has been a success, the FBI decided to develop Malware Investigator, an unclassified automated malware analysis tool that can be used not only by other law enforcement agencies which might need it for cybercrime investigations, but also by researchers trying to understand the threat landscape, and private sector partners seeking to improve their cyberattack mitigation capabilities.

Malware Investigator Logo“Through Malware Investigator, the FBI will lead a collaborative effort with members of the law enforcement community, academia, and the private sector, to protect businesses deemed critical to the nation’s infrastructure. Malware Investigator will provide its users a trusted venue in which to investigate, analyze, study, and collaborate about malware threats,” the FBI said on the Malware Investigator website.

The agency believes such tools can be very useful because organizations that handle cyber security incidents must be able to quickly analyze suspicious files and share the results with other members of the community. In March, when the FBI presented the Malware Investigator, Unit Chief Steve Pandelides noted that the tool would also “provide the FBI a global view of the malware threat.”

At the Virus Bulletin conference, the FBI’s Jonathan Burns explained (PDF) that the tool provides users with the information they need to respond to incidents and further investigate, so that they don’t have to waste precious time waiting for the malware to be reverse engineered.

Malware Investigator is designed to analyze threats based on file hashes, correlation, comparison, virus scanning and sandboxing. In addition to a Web service, the FBI has also developed an API for entities that want to integrate the resource into existing systems, Burns said.

For the time being, Malware Investigator is only available to law enforcement via the Law Enforcement Enterprise Portal (LEEP). Private sector organizations will soon be able to access the service via InfraGard, the partnership between the FBI and the private sector.

It’s not a secret that the FBI is interested in collecting malware from multiple sources. Back in February, the agency announced that it was willing to pay for malware that would be used by the Investigative Analysis Unit (IAU) of the agency’s Operational Technology Division. The FBI said at the time that the collection of malware is “critical to the success of the IAU’s mission to obtain global awareness of malware threat.”

Advertisement. Scroll to continue reading.
Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...


Daniel Kelley was just 18 years old when he was arrested and charged on thirty counts – most infamously for the 2015 hack of...

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


The recent ransomware attack targeting Rackspace was conducted by a cybercrime group named Play using a new exploitation method, the cloud company revealed this...