^ Top

NANOG Meeting Presentation Abstract

Using the Malware Hash Registry
Meeting: NANOG45
Date / Time: 2009-01-26 3:00pm - 3:30pm
Room: La Fiesta Theater
Presenters: Speakers:

Stephen Gill, Team Cymru

Stephen Gill is Chief Scientist, Research Fellow, and co-founder of Team Cymru. Stephen has worked as a senior network engineer, security architect, and technical analyst at various companies including IBM, Dantis, GTP,<BR> Vanco, and Cisco Systems. He thrives on innovation, talking tech, and researching the 'who' and 'why'. He equally enjoys worldwide outreach with partners towards solving the technical and social challenges of malicious<BR> Internet activity. He is honored to lead the technical charge for such a forward thinking group of security researchers.
Abstract: Team Cymru will review how to make best use of a new service that has been announced recently dubbed MHR (Malware Hash Registry). The MHR service allows you to query our database of many millions of unique malware samples for a computed MD5 or SHA-1 hash of a file. If it is malware and we know about it, we return the last time we've seen it along with an approximate anti-virus detection percentage.



Upon submission of a malware hash, the output of the command will return a date the sample was first seen as well as the detection rate we've seen using up to 30 AV packages. The detection rate is based on the first time we scanned the sample.



The MHR compliments an anti-virus (AV) strategy by helping to identify unknown or suspicious files that we have already identified as malicious. This enables you to take action earlier than you would otherwise be able to. We also present a client side toolkit to complement your standard AV packages using this system.
Files: pdfGill malware N45(PDF)
youtubeUsing the Malware Hash Registry
Sponsors: None.

Back to NANOG45 agenda.

NANOG45 Abstracts

  • Introduction to LISP
    Speakers:
    David Meyer, Cisco Systems/University of Oregon; Dino Farinacci, Cisco Systems;
  • Introduction to LISP
    Speakers:
    David Meyer, Cisco Systems/University of Oregon; Dino Farinacci, Cisco Systems;
  • Welcome Party
    Speakers:
    Sponsor Dominican Government, through the Dominican Republic, Export & Investment Center (CEI-RD)None; .
  • DNSSEC
    Speakers:
    Kevin Oberman, ESnet; Chris Griffiths, Comcast Cable;
  • DNSSEC
    Speakers:
    Kevin Oberman, ESnet; Chris Griffiths, Comcast Cable;
  • Peering 101
    Speakers:
    Kevin Oberman, ESnet; William B. Norton, InterStream;
  • Peering 101
    Speakers:
    Kevin Oberman, ESnet; William B. Norton, InterStream;
  • ISP Security
    Speakers:
    Eric JacksonArbor Networks; .
    Warren Kumari, Google;
  • ISP Security
    Speakers:
    Eric JacksonArbor Networks; .
    Warren Kumari, Google;
  • 4-byte ASNs
    Speakers:
    Greg Hankins, Force10 Networks; Chris MalayterSwitch and Data; .
  • 4-byte ASNs
    Speakers:
    Greg Hankins, Force10 Networks; Chris MalayterSwitch and Data; .
  • Peering
    Speakers:
    Aaron Hughes, Cariden Technologies, LMCO, UnitedLayer;

 

^ Back to Top