In my ever-widening circle of anti-cybercrime methodology this particular approach to attribution of the criminals looting the free world makes me particularly gleeful and I can’t wait to spread the good news:
- Security company HBGary today released an open source tool to digitally fingerprint malicious code and help identify the source of the malware. The tool looks for unique artifacts created during the writing and compiling of the malicious software.
- “This is something that I’ve invested a lot of time in over the last year,” said Greg Hoglund, the company’s chief executive officer. “Every component in the [malware development] tool kit has the ability to leave an identifying mark,” he said.
- No single tool mark will identify the source of the malicious code by itself, but a collection of marks can create a uniquely identifiable fingerprint, Hoglund said in an interview with GCN. Now, the tool examines 10 to 20 identifiable tool marks in a piece of binary code to produce a fingerprint.
Wait until AMTSO members start collaborating on fingerprint identity trading, building data. From HBGary’s site:
- HBGary’s Fingerprint, a freeware tool released today, represents a breakthrough in the development of a viable attribution solution. It enables the clustering of previously unrelated malware specimens, which in turn enables the individual pieces of intelligence associated with each specimen to be clustered and analyzed collectively.
Seems like this technology will give FBI Cyber Crimes Top Cop Gordon
Freeman Snowe’s Rendition Teams a more refined profile. So much the better.
Message to all cybercriminals is still loud and clear: we’re coming to get you. One way or another.
Author ESET Research, We Live Security