I have been steadily using Malware Investigator since its public debut in early March of 2015.
I have grown more and more upset with the service over this time period, and in the end I've realized it's not providing me any more of a service than what is already provided by Cuckoo, VirusTotal, or malwr. Furthermore, even with some of the early problems faced by malwr, I still believe that malwr is more available than the Malware Investigator tool is.
Problems experienced using Malware Investigator:
1) Downtime – Their servers are often down outside normal business hours, and sometimes even during business hours. Oftentimes the SAML authentication that occurs between the InfraGard website and Malware Investigator fails, or I get redirected to various error pages at Malware Investigator.
2) Processing Time – It often takes an insane amount of time to analyze my traffic. For the majority of the malware that I have submitted to their website, I would guess that the mean time to analyze is approaching a week and a half. I feel that they should have enough resources at their disposal to process malware faster than 1.5 weeks.
3) Correlations – This is the part that really got me excited to use Malware Investigator. However, it seems to be a bit of a misnomer. I had thought that it would allow me to take the malware I find, compare it to other malware used in higher-profile breaches / incidents, and alert me to any match (with a certain level of discretion, of course, given the different classification levels of information provided by the FBI). Unfortunately, Correlations generally only gives you the ability to see the usernames of other people who have uploaded that same piece of malware.
4) General Brokenness –
a) My profile has become littered with malware that I never submitted. There are a number of .dll files littering my screen that have (supposedly) had analysis performed against them, which I never submitted.
b) I can't get a proper listing of the malware I submitted to the site unless I happen to remember the name of the sample I submitted. The general overview, where you should be able to browse all the malware you submitted, is completely broken for me; the only way to find the malware I submitted is to remember its name. So it seems the search process still works, but the listing of malware doesn't.
I will point out the single feature I like at Malware Investigator, and the only reason I still use it: I use it to analyze all the Linux, Unix, MIPS, and other non-Windows malware that I am able to collect. That is the single weakness of both malwr and VirusTotal: they will not, or more properly said, do not have the ability to, analyze the various Linux/Unix/MIPS/whatever malware variants that I upload.
So, with all these problems I have experienced, I ask the question, "How broken is Malware Investigator?" And, "Is Malware Investigator broken beyond belief?"
Do you think that malwr and VT should start accepting and processing Linux malware, or does it represent such a low number of infections that it would be going too far? Let me know by posting a comment down below.
Please leave a comment and let me know whether you use Malware Investigator, and if you don't, why not; I want to hear other people's reactions to Malware Investigator.