This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Open source 'Malwr' analysis tool launched

Share this article:

A free web-based malware analysis tool powered by Shadowserver aims to shake up vendor-controlled and proprietary systems.

The Malwr tool is designed to provide security professionals with a free and customisable, open-source tool.

It is a front-end for the open source Cuckoo malware analysis sandbox and serves as an alternative for users who don't have the resources or time to operate a Cuckoo installation.

Cuckoo's Claudio Guarnieri said he created Malwr because he found free analysis tools lacking and commercial sandboxes too expensive.

“A lot of companies run [malware analysis] and it's becoming a really profitable market, leaving no space for free initiatives,” Guarnieri told SC Australia. He said that in the first 36 hours, Malwr received about 15,000 page views from 2,000 unique visitors who submitted around 150 files. Some 22 per cent of traffic related to attempted attacks.

While Malwr is running in a limited testing mode, Guarnieri said the Shadowserver resources underpinning the tool would allow it to scale to 10,000 analyses per day.

The Cuckoo sandbox was developed in 2010 as a Honeynet Project for Google's Summer of Code, and recommenced development for the 2011 Google initiative. Development of Malwr started in September last year, but Guarnieri said he always planned to build a web front-end for Cuckoo.

He said: “We would like also to get to a point where anyone running a Cuckoo node can link [their] own setup to our front-end, making it a fully fledged, crowd-distributed malware analysis network.

“It didn't take much work to get it together – most of the effort relies on trying to make Cuckoo a better product.”

A volunteer watchdog that tracks and reports the spread of malware, botnet and malicious activity on the internet, Shadowserver supported the project and supplied resources to it. Users will be able to refine Malwr by submitting code to Cuckoo.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud

Exclusive video webcast & Q&A sponsored by Vormetric

As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.

View the webcast here to find out more

More in News

NCA wants security pros to become cybercrime fighters

NCA wants security pros to become cybercrime fighters

The UK's National Crime Agency is on the hunt for cyber security professionals to "join the fight against some of the world's most significant cyber criminals" on salaries ranging from ...

GCHQ head says agency was 'never involved in mass surveillance'

GCHQ head says agency was 'never involved in ...

Sir Iain Lobban says GCHQ staff "are normal decent human beings who watch EastEnders and Spooks".

Apple Mac OS criticised for sending search results to third parties

Apple Mac OS criticised for sending search results ...

Apple is under pressure to make changes to the Spotlight feature on the new Mac OS X Yosemite 10.10, which tracks location and sends data back to the firm and ...