A colleague gave me a link to the Malware Challeng site. Basically, they have a sample and you have until the 26th of October to analyze it and send them the analysis and prizes will be given to the best analysis. Prizes will be given.
But this is not what I wanted to talk about. Rather I was interested in the person(s) behind the site. This information was not readily available on the site (a sign which always makes me suspicious), so a little investigation needed to be done ;-). Here are the steps:
- According to the whois information (DomainTools rocks by the way!) the domain was registered by "greg tyler" with a gmail address.
- The search for the name didn't turn up anything interesting (and it was also half-fake, as you'll see in a bit), so I tried the email address. This also didn't work, so I tried searching for the name and the first part (before the @gmail.com) of the email address.
- This lead me to two presentations titled hosted by the US CERT, titled (warning! pdf links!) Malware Analysis - A forgotten skill and Latest Malware Techniques.
- From here it was a straight line to one of the presenters, Greg Feezel, who owns the email address used to register the domain, which is a strong evidence for the theory at he is (one of the persons) behind the site. Here is his LinkedIn profile.
Conclusions: it is rather hard to stay anonymous on the web. Yes, he could have used an email address just for this site (it is hosted on a shared server by ThePlanet - a practice I strongly recommend against BTW - for security reasons), used an entirely different name and some kind of whois privacy service, but in the end I'm not sure that it is worth the stress to make sure that you don't leak information. Myself, I have a relaxed attitude towards the concept. I don't publish my full name with every post, but a couple of searches probably will reveal it.
Update: a clarification has been added to the FAQ naming the organizers.
Hey, great investigative work. Actually we weren't trying to hide the creators behind this challenge, we just forgot to put our names on the site initially. The 'we' I speak about are Tyler Hudak and Greg Feezel...we are the creators. This challenge is actually tied to the talk we are doing at the Information Security Summit conference taking place in Northeast Ohio.
ReplyDeleteThanks again for the post.
--Greg Feezel
Hey, great investigative work. Actually we weren't trying to hide the creators behind this challenge, we just forgot to put our names on the site initially. The 'we' I speak about are Tyler Hudak and Greg Feezel...we are the creators. This challenge is actually tied to the talk we are doing at the Information Security Summit conference taking place in Northeast Ohio.
ReplyDeleteThanks again for the post.
--Greg Feezel
Hey - don't forget about the other person behind it, Tyler Hudak. :)
ReplyDelete