Changing the debate..
April 23, 2009
So Brian Krebs interviewed Joe Stewart about his upcoming RSA presentation and about changing the way we do business in the realm of passive/aggressive cyberwar.
Time for an Internet A-Team?
It was a pretty good article.
I posted a challenge to them to continue the debate as a regular series, working through the ins and outs and the thought memes that will really percolate and become real game changers. I even offered to host their data on these bad actors on my site.
As you know, we have our Spotlight Shine Bright series, whose goal is identifying and disrupting these bad actors.
I also requested that they come on here and let me interview them, to explore these new concepts and challenge them to stretch the bounds of their operational constructs. I would like to bounce some of my ideas around an echo chamber with Joe's, since we are both idea guys, and see what could be possible in the real world.
Wow, Way to go guys, Moving on….
April 21, 2009
The title says it all….
Hackers Swipe Terabytes of Sensitive Pentagon Data
Apparently the F-35 program has been hacked multiple times. Nice.
Way to go with maintaining our pointy tip of the spear. You develop, we rip it from you. Billions in R&D lost. However, if I were on the other side of the fence and had the capabilities, I would steal it from you too if I knew you were too gutless to stop me or fight back.

This is entirely possible. I was on a proactive malware seek-and-destroy digital forensics team for a major defense contractor, where we found some of our workers doing DEVELOPMENT work via Air Force Virtual Private Network remote access on small little systems such as Air Force One, the B-52, the Prowler and other air-based electronic attack platforms and systems.
The developer was going out getting all kinds of little open-source and development tools and using them in his work, and somehow got all munged up with a malware infestation. Needless to say, we escalated that quickly; however, it amplifies the seriousness of getting compromised and what can happen afterwards.
Firms like Northrop, Lockheed, BAE and Boeing are supposed to be the best in the cyber business, but with firms so large and expertise so sparse, you can't guard everything all the time. There are lots of technical solutions for things; however, budgets are sparse, will is low, and bureaucracy is RAMPANT. Process and rules choke out agility and innovation.
At the end of the day, I believe game changers are needed to begin targeted and offensive attacks against the known cyber operators who are doing this for profit and espionage gain. I mean doing really bad things to these people and their systems and organizations.

The gauntlet is thrown, you have been slapped, what the fuck are you going to do about it…

So Joe Stewart is a researcher I admire for his willingness to reveal his botnet research to the general masses, especially through his top-10 lists of the largest botnets. He has also done excellent research on more sinister malware such as Coreflood, which has evolved over the years.

Apparently he is presenting at RSA soon some concepts similar to those I have been espousing here, such as my cyber Special Ops forces targeting cybercrime networks.
Here is a quote from his blog:
“Finally, on Thursday I’ll be delivering my own presentation entitled “Demonetizing Botnets” at 2:10 PM. This talk outlines my ideas for how we should restructure our efforts at fighting not just botnets, but cybercrime in general, both long and short-term. In this presentation, I will introduce a concept I call “offense-in-depth”, which I believe is the only approach that can address most of the cybercrime problems we are currently facing, given the current environment with respect to law enforcement’s challenges in cyberspace and pervasive vulnerabilities in computing and networking. I’m not saying my plan is any kind of silver bullet, but I hope it becomes part of the arsenal of everyone out there who is attempting to stem the tide of malicious software and computer intrusion. If you are interested in hearing my take on these matters, please attend. If anything I say inspires you to action, please meet up with me after the talk, and we can discuss the issues further. Hope to see you there!”
I love some of the trade rags' takes on his opinions. Titled… (Joe, I am behind you on this one.)
Researcher wants hacker groups hounded mercilessly
Botnet expert Joe Stewart says ’special ops’ teams could thwart cybercriminals
I have discussed these concepts in great depth in some of my earlier posts, such as our Spotlight Shine Bright series and my "I Call Shenanigans" and "BBC Wussy Robin Hood" articles.
On a separate, yet personally disappointing, note.
A technology company employing some of the best and brightest in the field just released an update to their product that almost completely copies my original research.
The company is called HBGary, led by the guys who literally wrote the book on rootkits. I would be very interested to know how they originated the idea, considering I discussed it with them while I was thinking about working for them last year in the DC area. However, it was so long ago that I can't remember what was discussed, and at the time, while I was fleshing out the concept and laying out my research, it never got beyond the pre-prototype stage.

It's entirely possible that they came up with it on their own; there was no prior research published, at least via Google, when I did my prior-work search on the concept. HBGary seems to have done a good implementation job jumping on the concept, calling it Digital DNA and incorporating it into their flagship product, Responder Pro, which seems to be a very well put together system.
I was working on a patent-pending revolutionary concept and system called Malware DNA and the Simple Malware Analysis for the Security Operator (SMASO). I had been prototyping this concept on my own with some associates from August/September 2008 until just recently.

The concept involved the generation of malware code DNA signatures that are extracted from and applied to specific samples. The goal is to separate a piece of malware's characteristics (what it is) from its functions (what it does).
For example, the fact that a piece of code packs itself to hide from antivirus or hinder reversing is a characteristic. In and of itself it poses no threat. A piece of code that can read/write files on your system and execute programs has dangerous functionality all around. That is a function.
My idea involved the creation of a Flex-built digital cyber dashboard which analyzed samples with backend systems, extracted the DNA automatically or manually, and created a signature for the malware that combined a representative string of bits representing the DNA with a secure hash of the malware sample.
The dashboard generated a characteristic score and a functional score that resulted in an overall threat score.
What they have not done, however, is what I envisioned: using this dashboard to describe the malware DNA in layman's terms so that cyber operators and CIO types can RAPIDLY understand the threat and deal with it, rather than trying to understand a bunch of gobbledygook.
The third component is an intelligence component that combines raw, multi-disciplinary private and open-source intelligence on the bad guys behind the campaigns into digital dossiers.
I will be finding the oldest copy of my research, digitally hashing it and posting it here. I guess it's my fault I didn't jump on it faster. My associates and I were debating the best approach to bring it to market: either open source to benefit the community, through a product company as a point product or a Security-as-a-Service concept, or build it and go it alone as our own company.
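To make the characteristic/function split and the bits-plus-hash signature concrete, here is a toy Python implementation of the idea as described above. This is an added example; it is not the blog author's SMASO prototype and not HBGary's Digital DNA. The trait list, marker strings, weights, the scoring formula (characteristics amplify a functional score but never create one, so a sample that only packs itself scores zero) and the sample bytes are all assumptions constructed for illustration, not real malware.

```python
"""Toy 'malware DNA' signature: trait bitmask + SHA-256 of the sample, with
separate characteristic and functional scores rolled into one threat score
and a plain-language summary for the operator.

Added example, not the blog author's or HBGary's code. Traits, markers,
weights, the scoring formula and the sample bytes are assumptions.
"""
import hashlib
from dataclasses import dataclass, field

# (name, bit, kind, weight, byte markers that indicate the trait, plain-language note)
# kind "characteristic" = what the sample IS; kind "function" = what it can DO.
TRAITS = [
    ("packed",      0, "characteristic", 1, [b"UPX0", b"UPX1"],
     "is packed to hide from antivirus or hinder reversing"),
    ("anti_debug",  1, "characteristic", 1, [b"IsDebuggerPresent"],
     "checks for a debugger"),
    ("file_io",     2, "function", 2, [b"CreateFileA", b"WriteFile"],
     "can read and write files on the system"),
    ("exec",        3, "function", 3, [b"WinExec", b"CreateProcessA"],
     "can launch other programs"),
    ("network",     4, "function", 3, [b"InternetOpenA", b"WSAStartup"],
     "can talk to the network"),
    ("persistence", 5, "function", 2, [b"CurrentVersion\\Run"],
     "can install itself to survive a reboot"),
]


@dataclass
class DnaSignature:
    dna_bits: int                  # one bit per trait found (the "DNA")
    sha256: str                    # exact-sample identity
    traits: list = field(default_factory=list)
    characteristic_score: int = 0
    functional_score: int = 0

    @property
    def threat_score(self) -> int:
        # Assumed formula: characteristics amplify but never create threat,
        # so a sample that only packs itself scores 0.
        return self.functional_score * (1 + self.characteristic_score)

    @property
    def signature(self) -> str:
        # DNA bit string (hex) + secure hash, e.g. "000f:ab12..."
        return f"{self.dna_bits:04x}:{self.sha256}"


def extract_dna(sample: bytes) -> DnaSignature:
    """Scan a sample for trait markers and build its DNA signature."""
    sig = DnaSignature(dna_bits=0, sha256=hashlib.sha256(sample).hexdigest())
    for name, bit, kind, weight, markers, _ in TRAITS:
        if any(m in sample for m in markers):
            sig.dna_bits |= 1 << bit
            sig.traits.append(name)
            if kind == "characteristic":
                sig.characteristic_score += weight
            else:
                sig.functional_score += weight
    return sig


def describe(sig: DnaSignature) -> str:
    """Layman's summary of the DNA for an operator or CIO."""
    if not sig.traits:
        return "Threat score 0: no known characteristics or functions found."
    notes = [note for name, *_, note in TRAITS if name in sig.traits]
    return f"Threat score {sig.threat_score}: this sample " + "; ".join(notes) + "."


def same_family(a: DnaSignature, b: DnaSignature) -> bool:
    """Same DNA bits but a different hash: a variant the hash alone would miss."""
    return a.dna_bits == b.dna_bits and a.sha256 != b.sha256


# Constructed sample bytes (not real malware) containing the marker strings.
SAMPLE_DROPPER = (b"MZ\x90\x00" + b"UPX0\x00UPX1\x00"
                  + b"IsDebuggerPresent\x00CreateFileA\x00WriteFile\x00WinExec\x00")
SAMPLE_DROPPER_VARIANT = SAMPLE_DROPPER + b"\x00" * 8   # repacked: same DNA, new hash
SAMPLE_PACKED_ONLY = b"MZ\x90\x00" + b"UPX0\x00UPX1\x00"


if __name__ == "__main__":
    for label, blob in [("dropper", SAMPLE_DROPPER), ("packed only", SAMPLE_PACKED_ONLY)]:
        sig = extract_dna(blob)
        print(label, sig.signature)
        print("  ", describe(sig))
    print("variant is same family:",
          same_family(extract_dna(SAMPLE_DROPPER), extract_dna(SAMPLE_DROPPER_VARIANT)))
```

The point of carrying the DNA bits next to the hash is that the hash pins down one exact file while the bits survive repacking: the "variant" sample above gets a fresh SHA-256 but the same 000f DNA string, so it is flagged as the same family, and the packed-only sample, which has characteristics but no functions, correctly scores zero.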
If any PATENT LAWYERS would like to send me some free advice, I would surely be willing to listen.
If HBGary would like to discuss some of my further ideas about taking their current implementation and expanding it into the full vision, I would love to have some discussions. There is a lot of potential there, and I wanted to express my kudos to them for a nice implementation and product.
I am on the East Coast, DC based, and would also be willing to entertain some employment opportunities on the dark side of this work. I am fully gainfully employed and well compensated, more than most, but would like to change venues to these areas of research. I fully believe there is not much being done in this area, as you can see from my earlier posts.
Series: Looking through the keyhole – 76Service
March 25, 2009
A very slick exploit pack that is destined to have a future. Mad props to one of my favorite researchers, Dancho Danchev, for making this information so accessible. He provides excellent analysis and commentary and, in my opinion, is a leading researcher with the right mindset for this work.

Series: Looking through the keyhole – Adrenaline
March 25, 2009
Adrenaline. Another good exploit pack.

Series: Looking through the keyhole – Limbo
March 25, 2009
A very sophisticated pack that has been extensively written about.

I will seek out the source code to post and see if we can glean some intelligence on the authors.
Series: Looking through the keyhole – Traffic Pro
March 25, 2009
Traffic Pro is older than Icepack and Mpack and was popular because it was cheap.
Panda did an excellent write-up on it.

Series: Looking through the keyhole – Firepack
March 25, 2009
There is a small write-up about it at Panda, and some great analysis by Dancho here and here.
Versions: Firepack Lite 1.1, Firepack 0.18 and 0.17.

Exploits for some of its versions are available.
Possible source code for the Lite version can be found here.

Here we actually see the original Russian version.
Now we can target the coder DIEL and track him by his ICQ number.
