Closed Bug 646957 Opened 14 years ago Closed 7 years ago

create safe & secure place to receive, analyze, share malware samples

Categories

(Socorro :: General, task)

x86
All
task
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: chofmann, Unassigned)

Details

not sure socorro is the right place for this but will start here and maybe this moves toward its own independent service with a few tie-in points to socorro crash data. the system that we need will help analyze, diagnose, and work with AV vendor to protect firefox users from malware .dll's we have started reaching out to some crash reporting users to gather samples of possible malware .dlls. the samples might used to create reproducible test cases, fed into systems like http://virscan.org/ to identify and classify, or turned over to AV vendors where there is more research required. as we gather these samples we need a system that provides a good firewall from other critical systems and test infrastructure and defends against the malware infecting these systems and/or testers. the system needs to provide a standard process for contacting users, and makes it easy for them to share samples. here are some examples where this kind of work has started in topcrash bugs [Bug 638139] e-mail users with request to help diagnose 4.0 beta malware related crashes [Bug 633445] - Crash [@ mozalloc_abort(char const* const) | NS_DebugBreak_P | nsCycleCollectingAutoRefCnt::decr(nsISupports*) ] [@ mozalloc_abort(char const* const) | NS_DebugBreak_P | AbortIfOffMainThreadIfCheckFast ] [Bug 627716] Crash [@ STAN_GetNSSCertificate ] with loaded spdg.dll, probably a malware
the things talked about in [Bug 577613] create a wiki page/site where users/community members can enter more information pertaining to a DLL are also relevant to what we are trying to do here.
http://www.virustotal.com/ is another similar kind of service.
Component: Socorro → General
Product: Webtools → Socorro
way outside our scope
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.