So after attending a training event in which CERT-CC staff said they are always run ragged notifying compromised organizations of a compromise, I came up with an idea that quits wasting tons of freaking time.  Instead of having every security company on the planet contacting and maintaining lists of POCs, emails and phone numbers for the security staff of every organization on the planet in order to notify them that 10000 of their users are now compromised (theft of PII, botnet infiltration, whatever), you just do this.

Set up an Industry Security Notification portal where organizations can register and an organizational RSS feed is dynamically created for them.  An XML data-sharing schema is put in place to represent the details of said compromise.  It would have an Organization tag on it that identifies the specific organization.  If a security organization obtains information about a compromise of PII from, say, 10 different companies, they split the data up by company and post directly to each organization's RSS data feed, to which that organization subscribed when it signed up.

This way due diligence of notification has been accomplished, and CERT-CC or whatever other security firm found the data can wash its hands of its notification duties and go about actually doing specialized R&D to solve this mess once and for all instead of spending precious time on bullshit.

Organizations that have not registered with the portal site would still have their detailed RSS compromise information published, however it would be an encrypted blob.  All that would be shown is the organization name and very high-level details of the event.  I'm sure that if it's published publicly, personal and professional networking would take over and they would find out really quickly, check the details and resolve the issues.

Once events are resolved, they can be archived off the portal into the organization's account and taken off of the public dashboard associated with the site.
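To make the portal idea concrete, here is an added example (not code from the original post) of the publishing side: a batch of compromise records held by one researcher is split by organization and turned into one RSS 2.0 feed per organization, with a namespaced compromise element carrying the schema fields. Registered organizations get the full details element; unregistered ones get only the name, category, affected count and a sealed reference, and resolved events are dropped from the public feed. The schema namespace, portal URL, organization names and sample records are all constructed for the example, and `seal_placeholder` is a stand-in hook where a real portal would encrypt the details to the organization's key.

```python
"""Per-organization compromise-notification feeds (added example).

Models the portal described above: a security firm holds a batch of
compromise records covering several organizations, splits them by
organization and emits one RSS feed per organization.  All names,
element tags, URLs and sample records are constructed for this example.
"""
import hashlib
import xml.etree.ElementTree as ET
from collections import defaultdict
from typing import Callable, Dict, Iterable, List, Set

# Constructed schema namespace for the compromise element (hypothetical).
NS = "urn:example:compromise-notify:1"
ET.register_namespace("cn", NS)
PORTAL_BASE = "https://portal.example/feeds/"  # constructed URL

# Constructed sample batch: the kind of split a researcher would do after
# sinkholing a botnet.  Every value here is fake.
SAMPLE_RECORDS: List[dict] = [
    {"org": "example-bank.test", "event_id": "evt-0001", "category": "credential-theft",
     "count": 3, "details": "3 online logins observed in C2 traffic",
     "ts": "Fri, 01 May 2009 12:00:00 GMT", "resolved": False},
    {"org": "example-bank.test", "event_id": "evt-0002", "category": "bot-infection",
     "count": 17, "details": "17 internal hosts beaconing to the sinkhole",
     "ts": "Sat, 02 May 2009 09:30:00 GMT", "resolved": False},
    {"org": "example-bank.test", "event_id": "evt-0003", "category": "bot-infection",
     "count": 2, "details": "2 hosts, already cleaned by the owner",
     "ts": "Sun, 03 May 2009 08:00:00 GMT", "resolved": True},
    {"org": "example-shop.test", "event_id": "evt-0004", "category": "pii-exposure",
     "count": 1200, "details": "1200 customer address records in a dump",
     "ts": "Sat, 02 May 2009 15:45:00 GMT", "resolved": False},
]


def seal_placeholder(payload: str, org: str) -> str:
    """Stand-in for the per-organization encryption step (placeholder).

    A real portal would encrypt `payload` to the organization's key with an
    authenticated cipher.  This placeholder only returns a SHA-256 digest so
    the public feed carries a reference to the details without leaking them.
    """
    return hashlib.sha256(f"{org}:{payload}".encode("utf-8")).hexdigest()


def build_feeds(records: Iterable[dict], registered: Set[str],
                seal: Callable[[str, str], str] = seal_placeholder,
                include_resolved: bool = False) -> Dict[str, str]:
    """Split records by organization and return {org: rss_xml_string}."""
    by_org: Dict[str, List[dict]] = defaultdict(list)
    for rec in records:
        if rec["resolved"] and not include_resolved:
            continue  # archived: off the public dashboard
        by_org[rec["org"]].append(rec)

    feeds: Dict[str, str] = {}
    for org, recs in by_org.items():
        rss = ET.Element("rss", version="2.0")
        channel = ET.SubElement(rss, "channel")
        ET.SubElement(channel, "title").text = f"Compromise notifications for {org}"
        ET.SubElement(channel, "link").text = PORTAL_BASE + org
        ET.SubElement(channel, "description").text = "Per-organization incident notification feed"
        for rec in recs:
            item = ET.SubElement(channel, "item")
            ET.SubElement(item, "title").text = f"{rec['category']}: {rec['count']} affected"
            ET.SubElement(item, "guid").text = rec["event_id"]
            ET.SubElement(item, "pubDate").text = rec["ts"]
            comp = ET.SubElement(item, f"{{{NS}}}compromise", organization=org)
            ET.SubElement(comp, f"{{{NS}}}category").text = rec["category"]
            ET.SubElement(comp, f"{{{NS}}}affected").text = str(rec["count"])
            if org in registered:
                # Registered subscriber: full details go on its own feed.
                ET.SubElement(comp, f"{{{NS}}}details").text = rec["details"]
            else:
                # Unregistered: only a sealed reference is published.
                ET.SubElement(comp, f"{{{NS}}}sealed").text = seal(rec["details"], org)
        feeds[org] = ET.tostring(rss, encoding="unicode")
    return feeds


def feed_items(xml_text: str) -> List[dict]:
    """Parse a feed produced by build_feeds back into plain dicts (consumer side)."""
    root = ET.fromstring(xml_text)
    items = []
    for item in root.iter("item"):
        comp = item.find(f"{{{NS}}}compromise")
        items.append({
            "org": comp.get("organization"),
            "guid": item.findtext("guid"),
            "category": comp.findtext(f"{{{NS}}}category"),
            "affected": int(comp.findtext(f"{{{NS}}}affected")),
            "details": comp.findtext(f"{{{NS}}}details"),
            "sealed": comp.findtext(f"{{{NS}}}sealed"),
        })
    return items


if __name__ == "__main__":
    for org, xml in build_feeds(SAMPLE_RECORDS, registered={"example-bank.test"}).items():
        print(org, feed_items(xml))
```

The consumer side only needs the organization's own feed URL, so the notifying firm never has to track a contact list; swapping `seal_placeholder` for real public-key encryption is the one piece a deployment would have to supply.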

Let's call this the Web2.0 solution to Incident Response Notification, and a better, smarter and more responsible way for companies to quit doing waste-of-time work and start doing real work.

OMG – it's so simple….


Now someone just needs to get off their ass and implement it.  How about the Big 5 to start: Microsoft, Symantec, McAfee, Trend, Cisco.  Start setting an example and respond to a critical industry security need that helps all of us and presents a game changer for cybersecurity.

Here is an example of data repatriated via a 10-day Rustock/Mebroot/Torpig botnet takeover.  The researchers captured the data, analyzed it, and then went scratching their heads as to who to contact about the data, how to notify the victims, and the sheer scope and bullshit that would be needed to do all the notifications.  HERE is an example that justifies the implementation of my idea.


So here is a little experiment.  I am going to run a monthly posting contest.  The purpose is to allow malware authors to hype their baddest ass skills and techniques as compared to some of the most insidious examples the research community has been dealing with.
Winners will receive the dubious title of BADDEST ass code that does the BADDEST ass things.  Oh yeah, and the right to be represented by this Avatar.


There will be a chumpy award as well for code that thinks it's bad ass enough to be ranked as the best but really is “old, tired and busted”, using stale and well-known techniques.

They will be represented with this little digital homage.

So here are the categories for assessment of who the baddest should be.

  • Best hiding techniques (files, registry, process listing):
  • Best network- or file-based steganography techniques:
  • Best innovative and destructive capabilities:
  • Most kleptoKrazy information-stealing capabilities:
  • Most innovative functions: if you mention opening the CD drive bay door you get DDoS’ed automajically:
  • Most enriching social engineering techniques: sorry, Bernie Madoff has the record, so this place is automatic second place:
  • Most elegant code/resiliency against detection:
  • Best polymorphic/metamorphic illusionist techniques:
  • Best code protection for code and logic integrity vs. debugging, tracing, dumping:
  • Innovative and secure use of encryption (if you submit xor/rot/base64/rc4 or any other weak ass shit, you get your remote files automatically encrypted with AES 256-bit and the secret key secure-deleted from memory and the entire file system.  That’s after the secret key is encrypted, of course.):
  • Best and most evil undetectable embedded attacks against third-party file types, i.e. Office, Flash, PDF, CHM, et cetera:
  • Baddest and most comprehensive web page example with close to every drive-by exploit out there:
  • Most disruptive piece of code:
  • VISTA pwnage (most code rapes XP): start evolving and compromise Vista systems if you have the balls.  Special points for getting around Vista security and specifically the 64-bit, hardware-enabled-in-BIOS DEP features.
  • Implementation of malicious VMs as an obfuscation technique, or as the payload itself, by putting the target into the matrix without his knowing.

Requirements for submission are as follows:

  • Name of the malware, whether self-named or just plain found somewhere.
  • Why it deserves inclusion in the baddest ass hall of malware fame from a technique standpoint.
  • Description of its capabilities and its closest variants, if any.
  • And for the do-gooders: who and what is to blame for this glaring technique, and what can be done about it.
  • And oh yeah: is it able to fully exploit and run on a base build of Microsoft Vista SP1/SP2 out of the box?

Several CODE samples to compare your submission against for innovativeness and complexity:

Kraken, Storm, Conficker, Waledac, Rustock, Asprox, Pinch, Zeus, Bancos, Coreflood, Tigger/Syzoor

Participation by the research community and security vendors that might have the balls to discuss will get mad props for actually supporting research.

WELL let the games begin:

Awards and ranking will be from 1 to 10.  If I'm impressed I will PayPal monetary goodness, maybe, possibly, if I actually feel something in my pants after reading.



