State Sponsored Malware Identification/Detection Project


posted on Jan, 28 2015 @ 02:02 AM
Introduction: State sponsored malware is among the top growing threats to electronic privacy we face. Each year, elements within the state national security apparatus release an assortment of invasive applications known commonly as malware - but this stuff is anything except common. It can steal your passwords, documents and even record your keystrokes. In certain instances, such as Stuxnet (a joint US-Israeli venture), it destroyed physical property.

1) Create an easily adaptable (possibly using XML) database of known SSMW samples.
2) Catalog entries according to their origin, deployment, use, etc.
3) Create some process by which these can be identified with open source software that we'll create and release. We can do this by scanning for known checksums, files, processes and so on.

I think we especially, as enquirers into alternative topics, need a way to ensure we aren't victimized by illegal malware.

Any volunteers for this project? It is sure to be a research and effort intensive project, but one that could likely benefit many people in the long term.

posted on Jan, 28 2015 @ 06:50 PM
At first, I didn't realize the scope of this problem! I feel that it's best to use a standard-ish type method to document them. For those joining me in this project, feel free to use your own template if you'd like!

Name of malware: (ex. Flame, Stuxnet, WARRIORPRIDE)

Type: (Virus, Trojan, worm, composite, etc)

Attack Vector: (download, USB drive, worm, etc)

Mechanism of action:

Duration of action:

Known infections:


Associated footprint: (checksum, files, etc)

Removal technique:

I think this is a decent format, at least to start with. If anyone has a better way, I'm all ears!
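The first post proposes an XML catalog of known samples plus an open source scanner that matches files against their checksums and filenames, and the template above defines the fields. The following script, added here as an illustration and not code from the thread or its participants, does both in one place: it parses a catalog that uses the template's field names (the XML element names and the single "demo-sample" entry are assumptions), then walks a directory hashing every file and reporting matches. All sample data is constructed inside the script; the only checksum in the catalog is that of a byte string the script writes itself, so no real malware hash appears anywhere.

```python
import hashlib
import os
import tempfile
import xml.etree.ElementTree as ET

# Constructed demo content: the "sample" is just these bytes, and its SHA-256
# is computed here. This is NOT a hash of any real malware family.
SAMPLE_BYTES = b"demo-sample-not-real-malware\n"
SAMPLE_SHA256 = hashlib.sha256(SAMPLE_BYTES).hexdigest()

# One entry in the thread's template, serialised with an assumed XML schema.
CATALOG_XML = f"""<ssmw>
  <entry>
    <name>demo-sample</name>
    <type>Worm</type>
    <attack_vector>USB drive</attack_vector>
    <footprint>
      <checksum algo="sha256">{SAMPLE_SHA256}</checksum>
      <file>suspicious.dll</file>
    </footprint>
  </entry>
</ssmw>
"""


def load_catalog(xml_text):
    """Parse catalog XML into entries holding a set of SHA-256s and filenames."""
    root = ET.fromstring(xml_text)
    entries = []
    for e in root.findall("entry"):
        fp = e.find("footprint")
        checksums = {c.text.strip().lower() for c in fp.findall("checksum")
                     if c.get("algo", "sha256").lower() == "sha256"}
        files = {f.text.strip().lower() for f in fp.findall("file")}
        entries.append({"name": e.findtext("name"),
                        "checksums": checksums, "files": files})
    return entries


def sha256_file(path, chunk=1 << 16):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_directory(root_dir, catalog):
    """Walk root_dir; return (relative path, entry name, reason) per hit.

    A checksum match is a strong indicator; a filename-only match is weak
    (benign files can share a name) and is reported with a separate reason.
    """
    hits = []
    for dirpath, _, filenames in os.walk(root_dir):
        for fn in filenames:
            path = os.path.join(dirpath, fn)
            rel = os.path.relpath(path, root_dir)
            try:
                digest = sha256_file(path)
            except OSError:
                continue  # unreadable file; a real scanner would log this
            for entry in catalog:
                if digest in entry["checksums"]:
                    hits.append((rel, entry["name"], "checksum"))
                elif fn.lower() in entry["files"]:
                    hits.append((rel, entry["name"], "filename"))
    return sorted(hits)


def demo():
    """Build a throwaway directory with three constructed files and scan it."""
    catalog = load_catalog(CATALOG_XML)
    with tempfile.TemporaryDirectory() as tmp:
        # Same bytes as the catalog entry but renamed: caught by checksum.
        with open(os.path.join(tmp, "renamed.bin"), "wb") as fh:
            fh.write(SAMPLE_BYTES)
        # Right name, different content: caught by filename only.
        with open(os.path.join(tmp, "SUSPICIOUS.DLL"), "wb") as fh:
            fh.write(b"unrelated content\n")
        # Benign file: no hit.
        with open(os.path.join(tmp, "notes.txt"), "wb") as fh:
            fh.write(b"benign\n")
        return scan_directory(tmp, catalog)


if __name__ == "__main__":
    for rel, name, reason in demo():
        print(f"{reason:9} {name:12} {rel}")
```

Two caveats a practitioner would attach to this approach. A checksum only matches a byte-identical sample, so a repacked or recompiled variant walks straight past it; hashes are a starting point, not the detection. And a user-mode scanner runs on the operating system it is checking, so a rootkit component that hides files and processes (the thread notes Stuxnet carries one) can hide them from this script as well; scanning the disk from a clean boot medium avoids that.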

posted on Jan, 29 2015 @ 03:50 PM
a reply to: JBurns

State Sponsored Malware Database Entry #1


Type: Worm/zero day exploit (x4)

Attack Vector: Worm, USB Drive

Mechanism of action: Targets WIN OS/Siemens Step 7 software to affect programmable logic controllers. These controls, among other things, are used to regulate centrifuges that separate Uranium-235 from the common U-238 isotope - in a process known as enrichment. STUXNET literally caused 20% of Iran's centrifuges to rip themselves apart.

Duration of action: unlimited potential, as Stuxnet has a rootkit module allowing it to hide its files and processes from detection.

Known infections: Iran nuclear enrichment facilities

Origin: US/Israel

Footprint: (going to compile its source and run a few tests on my Dev machine)

Detection/removal: (no current precise method; our project will culminate in open source software for detection and removal)

The first weapon made entirely of code.

posted on Jan, 29 2015 @ 03:53 PM
I am currently setting up a "nuke this server" type setup for this project.

It will allow us to test these malware applications in a VM sandbox. I'm working on a way to give remote access to the VMware for other researchers to conduct tests/review findings.

posted on Feb, 3 2015 @ 07:30 PM
Just wanted to welcome Jamiros and Fossilera to the project! We'll be posting regular updates in here. Please stay tuned for what's sure to be a great project.

Special thanks to Springer and ladyinwaiting!


posted on Feb, 23 2015 @ 10:38 PM
a reply to: JBurns

Finally made it in on the project! Can't wait to lend some expertise as an Engineer into the mix.

First off, I will second the idea on using an XML-based database to start. Eventually, as this project theoretically grows, we may want to consider another method of storing the data, but for now this will do fine.

