When you made your first steps into the world of cybersecurity, you were probably filled with the same awe and wonder I was – how do viruses work? In a strange, Stockholm Syndrome-like way, I had a subtle admiration for threat actors and their ability to create malware which causes so many problems. Why do they do it? What drives them to do that and how do I stop them?
In this pseudo-romantic journey into the world of malware creation, I stumbled upon a number of open-source intelligence websites that helped me figure out how malware worked and how to detect it. The more that I started to battle against the adversary, the more interested I became in understanding their tactics and techniques as they emerged. That is what has led me to one of my favourite repositories for malware information – Virus Share.
What is VirusShare?
Growing up before the real explosion of the internet, there is something comforting and nostalgic about simple website design. Simple HTML-only sites like Virus Share just do what they say they’re going to do – in this case, teach you about malware because “sharing is caring”. As you can expect, with over 50 million malware samples on their books, the sharing ethos is very real amongst the Virus Share team.
Thanks to that simple HTML design, Virus Share is extremely easy to use. When you visit the website, you’ll find a simple interface that gives you five options. This OSINT tool is certainly for dummies, which is probably why I like it so much.
The five basic options given on the website are:
This does what you expect – takes you to the home page where the latest virus updates are shown. Nothing unusual here.
As of the last time I consulted the website, there are 439 lists of MD5 hashes for malware samples which you can torrent. Set up for tools like Autopsy, AXIOM, EnCase, and X-Ways, the hashes are an excellent resource for dealing with unknown adversarial threats. There is even a link to the unpacked lookup table, kindly handled by the Codex Gigas team.
A cybersecurity professional who doesn’t focus on continuous professional development is practically a caveman in the modern world. If you don’t know about the new emerging threats, you’re not justifying your pay cheque. That’s why some excellent articles have been shared to the website by the many cybersecurity researchers and writers who use Virus Share. Excellent professional exploration, but I would be lying if I said the articles made for bedtime light reading.
The history of the Virus Share team and how to contact them. Nothing unusual here either.
A-ha! We have found the keys to the kingdom. By creating an account with Virus Share, you get access to the 50 million malware samples that they have on their books. If you’re working in a blue team, a red team, or research, you will have plenty to play with here. Updated daily, let’s just say that you will be able to find pretty much anything you want – or at least, you will be able to upload the malware that you can’t find!
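As an added example (not code from Virus Share or from this article), here is a small triage sweep that checks files on disk against a downloaded MD5 hash list of the kind described above. It assumes the list holds one hex MD5 per line with `#` header lines; the function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import re
import tempfile

MD5_RE = re.compile(r"^[0-9a-fA-F]{32}$")

def load_hash_list(lines):
    """Parse a hash list: one hex MD5 per line (assumed layout)."""
    known = set()
    for line in lines:
        line = line.strip()
        # Blank lines, '#' header lines and malformed entries fail the regex.
        if MD5_RE.match(line):
            known.add(line.lower())
    return known

def md5_of_file(path, chunk_size=1 << 20):
    """Hash in chunks so large files are never read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def scan_tree(root, known):
    """Return sorted (relative path, md5) pairs for files whose MD5 is in `known`."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks and special files
            try:
                file_hash = md5_of_file(path)
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            if file_hash in known:
                hits.append((os.path.relpath(path, root), file_hash))
    return sorted(hits)

def demo():
    """Constructed sample: two harmless text files, one of which is on the list."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("a.txt", b"constructed-listed"), ("b.txt", b"constructed-clean")):
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(data)
        listed = hashlib.md5(b"constructed-listed").hexdigest()
        known = load_hash_list(["# constructed header line", listed.upper(), "not-a-hash"])
        return scan_tree(root, known)
```

A hit only says the file is byte-identical to a listed sample; a miss says nothing about whether a file is benign, since any change to the file changes its MD5.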
As you can probably tell from what we’ve already said, Virus Share is very easy to use. Logging in and downloading samples is as simple as signing up, so the rest falls on you to actually test these pieces of malware. If you’re not feeling brave enough to jump straight into testing, there is also a helpful breakdown of the uploaded malware, where it was detected, how it works, and other useful information.
A very simple tool, to be sure, but that simplicity takes the bite out of malware analysis – the difficult part should be actually analyzing the sample, not finding it!
Should I use VirusShare?
When it comes to open-source intelligence, I have a few simple metrics by which I like to judge the various tools that we have been looking at:
Firstly, Virus Share is free, so it gets top marks in the cost department – there’s no such thing as a free lunch, but Virus Share serves as a complimentary taster, I suppose. Next is simplicity, which Virus Share also scores highly on – it has one simple goal and it achieves it in a simple way. We can’t really ask for more. And, finally, range – thanks to the 50 million plus malware samples that are available, we can certainly say that it provides value for everyone searching for malware information.
That’s why I think you should incorporate Virus Share into your workflow when working with malware-related tasks. It’s simple but robust, comprehensive while also being free – there’s not much more we could ask for. The only reason that it isn’t higher in our Top Ten is that its goals are very simple and straightforward – it won’t change your work life, but it is brilliant in how it achieves its aims.