Posted by: David Harley | November 18, 2015

Malware Sample Sharing

I’ve just seen a message from a visitor to this site asking whether Mac Virus shares OS X malware samples. I’m answering more or less publicly because it’s far from the first time I’ve been asked about sample sharing (not necessarily Mac-specific samples), and I don’t mind answering it again.

The short answer is yes, but only with people I know and trust, which basically means some of the people I know in the anti-malware industry.

The slightly longer answer is that these days I rarely have occasion to handle a sample myself – I’m a writer, not a hands-on researcher – even if one finds its way onto one of my machines. When that happens, I forward it for further analysis to a company with which I work closely, or to a specialist list outside that company: there are people there far better at sample processing than I am, and who have access to far better kit. I also know that if it’s a sample that needs to be distributed more widely, they’ll pass it on through the many channels that exist for that purpose in the security industry.

In fact, I’ve recently (with due care and attention) disposed of my own malware collection, which I maintained primarily for product testing purposes. While I’m still to some extent engaged with the product testing industry through the Anti-Malware Testing Standards Organization (AMTSO) and write about it when appropriate (here, for instance), it’s as a commentator, not as an active tester – that phase of my life is long gone.

Oddly enough, a computer magazine once referred to a former incarnation of this site as a source of Mac malware samples. It wasn’t the case then (they did print a retraction subsequently), and it isn’t now. More recently, I stopped writing for one security group because they kept forwarding my address to people who wanted samples.

I know how difficult it can be for someone with an entirely legitimate need for samples to gain the prerequisite trust from the anti-malware industry, but if you’re someone I’d be prepared to share samples with, you already know that this isn’t the place to ask.

But it’s academic. I don’t keep samples myself. Sorry.

David Harley

