Do not get me wrong, I am happy that the FBI is going to open their Malware Analysis tool to outside researchers, but did you know that you can create your own FBI Malware Analysis Tool within a couple of hours?!
You can create your own Malware Analysis environment with the Cuckoo Sandbox project. Just take a look at the Malwr.com website, you will see that the site uses the Cuckoo Sandbox project. The Cuckoo Sandbox project allows you to research and analyze various malware samples.
The only thing you will need to consider is the fact that you will need to setup your own environment, but hey – that’s exactly what we are going to do.
The FBI Malware Analysis Tool is only available if you sign-up for an agreement with the FBI. So instead of having an agreement with a foreign government, you can setup your own Malware Analysis environment by using Cuckoo Sandbox.
So what is Cuckoo Sandbox:
Cuckoo Sandbox is an Open Source software for automating analysis of suspicious files. To do so it makes use of custom components that monitor the behavior of the malicious processes while running in an isolated environment.
I have setup these questions as they will provide insight on what you will need for the Cuckoo Sandbox project. I have setup multiple Cuckoo Sandbox environments, on various hardware settings and trust me, when I say that it make a big difference. So let’s select the right environment settings first.
This question is important as the Cuckoo Sandbox will store the samples and databases on your own private environment. So if you want to have 500 000 malware samples and 500 000 reports on the malware samples you will need to have at least 2TB hard drive storage.
If you want to spend money on the project, you might be interested on using a dedicated server, or a home build (high-end) server.
If you are going to connect the Cuckoo Sandbox environments to the internet (which is recommended), I urge you to create a secure network for the current environment you are using. You do not want to have a malware outbreak in your private (any) environment.
If you are going to run the Cuckoo Sandbox from home, inform your provider so they will not put your IP on a blacklist. I did this once, and my IP has been free from blacklists ever since.
No, do not do that. You will be able to run the cuckoo sandbox environment, but it will be EXTREMELY slow.
Awesome. If you want to do that – do inform your provider so they will not block the IP.