Security Experts:

Connect with us

Hi, what are you looking for?


Malware & Threats

Got Malware? The FBI Is Willing to Pay For It

FBI Looking to Buy Malware From Security Vendors

The FBI has placed malware on its shopping list, and is turning to vendors to help the agency build a massive library of malicious software. 

FBI Looking to Buy Malware From Security Vendors

The FBI has placed malware on its shopping list, and is turning to vendors to help the agency build a massive library of malicious software. 

According to a ‘Request for a Quote’ posted on the Federal Business Opportunities website, the FBI is looking for price quotes for malware for the Investigative Analysis Unit of the agency’s Operational Technology Division.

“The Operational Technology Division (OTD), Investigative Analysis Unit (IAU) of the FBI has the following mission: Provide technical analysis of digital methods, software and data, and provide technical support to FBI investigations and intelligence operations that involve computers, networks and malicious software,” according to the document (.doc).

Malware Code“The IAU has a team of highly trained technical analysts, specialists and engineers providing on-scene technical support, employing innovative, custom developed analytical methods and tools to analyze collected data,” the document continued. “Critical to the success of the IAU is the collection of malware from multiple industry, law enforcement and research sources.”

According to the request for quote, any malware submissions must meet a set of baseline functional requirements:

i.      Contain a rollup of sharable malware as included in the malicious URL report

ii.     Be organized by SHA1 signatures

iii.    Be updated once every 24 hours

iv.     Be a snapshot of the prior 24 hours

v.     Be, on average, 35 GB per day and include the following file types: 

Executable file types from Unix/Linux, Windows and Macintosh

Archives files

Image files

Microsoft Office documents

Audio and Video files

RTF files

PDF files

PHP files

JavaScript files

HMTL files

vi. Be able to retrieve feed in an automated way through machine-to-machine communication

vii. Initiations of accessing feed shall be pulled by IAU not pushed to IAU

The agency does not say precisely how the malware will be used, but the document calls the collection of malware from law enforcement and research sources “critical to the success of the IAU’s mission to obtain global awareness of malware threat.”

“The collection of this malware allows the IAU to provide actionable intelligence to the investigator in both criminal and intelligence matters,” according to the document.

The FBI did not respond to a request for more information from SecurityWeek before publication.

“The FBI reserves the right to request a sample product for test and evaluation purposes,” the document notes. “If a test sample is requested, the vendor will be notified when and where to send the sample. Given the nature of the solicitation, any test/sample product(s) will be removed/deleted at the conclusion of testing. To ensure that sufficient information is available, the Offeror must furnish, as a part of the quote, all descriptive material necessary for the purchasing activity to determine whether the product meets the salient characteristics of this requirement.”

Price quotes and a description of capabilities are due on Feb. 14.

Written By

Click to comment

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.


Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Malware & Threats

Cybercrime in 2017 was a tumultuous year "full of twists and turns", with new (but old) infection methods, a major return to social engineering,...

Malware & Threats

Norway‎-based DNV said a ransomware attack on its ship management software impacted 1,000 vessels.


Security researchers with Juniper Networks’ Threat Labs warn of a new Python-based backdoor targeting VMware ESXi virtualization servers.