Researcher Launches Site for Publishing Malware Vulnerabilities


Security researcher John Page has launched a web portal to publish vulnerabilities in the code of common malware. Page hopes other cybersecurity specialists will use them to disable and remove malware from infected systems as part of security incident response operations.


MalVuln (malvuln.com) is a typical vulnerability disclosure portal. Like other similar resources, it contains the names of programs (in this case, malware), detailed technical descriptions of vulnerabilities and PoC exploits so that researchers can exploit these vulnerabilities.


MalVuln currently has details of 45 vulnerabilities discovered by Page himself. Some of these are found in newer malware like Phorpiex (Trik), and some in older malware like Bayrob. Other researchers have not yet added their descriptions to the portal, and Page is not currently accepting submissions. However, the site has a PGP key, and Page plans to accept vulnerability reports from other bug hunters in the future.


Among other things, the launch of MalVuln touches on a very delicate topic in the field of information security. For more than a dozen years, cybersecurity experts have carried out retaliatory operations against malware in complete secrecy. With the help of vulnerabilities found in malicious code, researchers can penetrate cybercriminals' infrastructure, hack C&C servers to obtain information about victims, or use vulnerabilities in malware to disable it and remove it from an infected host.


The above practices are kept secret due to possible legal implications. In addition, as long as cybercriminals do not know that vulnerabilities in their programs are being exploited, they do not fix them, and information security experts can continue to use them. So it comes as no surprise that not all researchers were happy about the launch of MalVuln earlier this month. According to some information security experts, the portal indirectly helps operators of malware by pointing out vulnerabilities in their code and effectively depriving information security companies and incident response teams of valuable tools.


Page himself does not care about this aspect at all. In his opinion, prohibiting the publication of vulnerabilities in malware is the same as hiding vulnerabilities in legitimate programs for fear that hackers will exploit them.
