"New Website Launched to Document Vulnerabilities in Malware Strains"

A security researcher named John Page has launched a new website called MalVuln that lists vulnerabilities in malware code. The site aims to help other security professionals break, disable, and uninstall malware on infected hosts. It is described as a vulnerability disclosure portal: each entry lists the malware's name and a technical description of its vulnerabilities, along with proof-of-concept (PoC) exploit code so security researchers can reproduce the issue. MalVuln currently lists 45 security flaws, some of which were discovered in current threats such as Phorpiex (Trik) and others in older malware strains like Bayrob. As outside submissions are not being accepted yet, all of the vulnerabilities listed on MalVuln were found by Page. Despite these benefits, MalVuln has ignited concerns that it could indirectly help malware authors by pointing out the vulnerabilities in their code, potentially reducing the effectiveness of tools that security firms and incident responders use to combat malware. Other security researchers, who favor the practice of hacking back against malware operators, have voiced support for the site. This article continues to discuss the contents and purpose of the MalVuln portal, as well as the controversy surrounding the practice of "hacking back."

ZDNet reports "New Website Launched to Document Vulnerabilities in Malware Strains"
