[I told you these links were cursed: thanks to Daniel Schatz for pointing out a further problem. Tip of the hat to Kurt Wismer for pointing out the issue on the AMTSO blog, and another to Julio Canto for alerting me to the story in the first place.]
Danny Quist posted an interesting article at Offensive Computing commenting on the “Issues involved in the “creation” of samples for testing” document published by AMTSO (the Anti-Malware Testing Standards Organization) a while ago on the AMTSO documents page at http://www.amtso.org/documents.html. I subsequently blogged at some length on the AMTSO blog here, so I won't press the point here, but I will reiterate one essential point.
…if you’re attempting to create your own malware because you can’t get samples from other sources, the chances are that you don’t have the knowledge to create samples that represent real-world threats.
There seems to be a curse on this story as far as links are concerned: the link in the Offensive Computing post still doesn’t actually go anywhere, but the correct link to the original paper is this. Unfortunately, the link somehow also somehow broke in the AMTSO blog, and the link to the Offensive Computing blog disappeared altogether, but they're both fixed now. I think!
David Harley CISSP FBCS CITP
Research Fellow & Director of Malware Intelligence
ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter:
ESET White Papers Page: http://www.eset.com/download/whitepapers.php
Securing Our eCity community initiative: http://www.securingourecity.org/
Also blogging at:
Author David Harley, We Live Security