[ale] [OT] Databases of viruses/malware

Lightner, Jeff jlightner at water.com
Wed Mar 2 13:58:54 EST 2011


http://cve.mitre.org/

"CVE is a dictionary of publicly known information security
vulnerabilities and exposures."

Most of the security alerts I get from various vendors about known
issues will have their own internal name (e.g. bug tracking) for how it
specifically affects them but they will generally point back to a CVE
number for the underlying issue.  (e.g. RHEL and Ubuntu might issue their
own security alerts for a php flaw but will usually show the underlying
php CVE.)

-----Original Message-----
From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On Behalf Of
Michael B. Trausch
Sent: Wednesday, March 02, 2011 1:17 PM
To: ale at ale.org
Subject: [ale] [OT] Databases of viruses/malware

Well, alright, so I'm not technically sure if this would be considered
off-topic or not.  I'm going to err on the side of safety and say that
it most likely is, though this is something that has to be dealt with on
Linux servers that handle Windows clients.

In any event, I'm looking into a problem, and one of the things that I
need to do is find (good, useful) information on the particular item
that is being problematic.  How it works and so forth.  I'd assume that
there is a database of viruses and malware somewhere that provides such
useful information, but I'm missing it if there is.

In lieu of that, is there a place somewhere out there that makes these
sorts of things available?  Obviously, I can see the abuse potential for
something like that, but it would also be useful for finding things and
obtaining them to run them in isolated sandboxes in order to assess
their total impact to a system.  It seems that even with all the
well-known problems that exist in the Windows world, it's difficult for
legitimate AV/AM solutions to clean up after cruft that manages to land
in a system.

In particular, the baddie that I'm looking at has managed to get around
the permissions setup in the system (we're talking about a completely
restricted user account environment) and infect the system proper.  I
want to know just how it did that.

	--- Mike
 