New service - the Team Cymru Malware Hash Registry!
frnkblk at iname.com
Tue Oct 28 00:17:50 CDT 2008
Interesting idea -- two questions:
a) Will Cymru be developing any plugins for sendmail and the like that
facilitate Cymru's MHR to be queried?
b) Is Cymru cooperating with VirusTotal on this project? They compute
hashes, too, and it could be a data feed for Cymru's content
From: Ian Cook [mailto:ian at cymru.com]
Sent: Monday, October 27, 2008 1:12 PM
To: nanog at nanog.org
Subject: New service - the Team Cymru Malware Hash Registry!
This email is to announce a new look-up service that Team Cymru is
launching today. The Malware Hash Registry (MHR) service allows you
to query our database of many millions of unique malware samples for
a computed MD5 or SHA-1 hash of a file. If it is malware and we know
about it, we return the last time we've seen it along with an
approximate anti-virus detection percentage.
THERE IS NO COST FOR NON-COMMERCIAL USE OF THIS TOOL. ACCESS IS
PUBLICLY AVAILABLE TO ANYONE.
Upon submission of a malware hash, the output of the command will
return a date the sample was first seen as well as the detection
rate we've seen using up to 30 AV packages. The detection rate is
based on the first time we scanned the sample.
Queries, including reasonable bulk queries, may be made using the
command line only.
The MHR compliments an anti-virus (AV) strategy by helping to
identify unknown or suspicious files that we have already identified
as malicious. This enables you to take action earlier than you would
otherwise be able to.
Full details including command syntax and procedures can be found
This is one of several new (free) data sets and services we are
currently providing to the community; if you haven't visited our
(recently revamped) site recently please do so for details of the
extensive work we do for the security community as well as further
advice, data and tips to help you make your networks more secure:
We very much look forward to working with you all on this new
project and we sincerely hope that as many of you as possible will
be able to actively participate in the use of this unique and very
exciting new service.
More information about the NANOG