Uncle Sam: I want you to sell me malware

Summary: The FBI has an RFQ out to buy malware for research. Read the document and the project sounds legitimate, but the RFQ is still funny to read.

Do you have a malware feed you can sell? About 35GB a day? If so, the FBI wants to do business.

They have put out an RFQ (request for quote) for "malware." The project is a perfectly reasonable one: The Operational Technology Division (OTD), Investigative Analysis Unit (IAU) of the FBI investigates digital threats and provides consulting and support to the FBI and intelligence services. A live feed of malware is a good tool for such an organization to have.

But what's funny is how they shove the square malware feed peg into the round RFQ hole. Consider this part of the bid:

Quantity: 1

What if the second feed is on sale, maybe 50% off?

The RFQ also directs the supplier to send the malware to a specific mailing address for the FBI's Engineering Research Facility in Quantico, "Attention: Supply Technician". One envisions a FedEx box of malware arriving every day.

Another part of the RFQ has some detail on what they are looking for and shows they have some idea of what they're doing, even if they are a little too interested in PHP files:

    Feed shall:
  • i. Contain a rollup of sharable malware as included in the malicious URL report
  • ii. Be organized by SHA1 signatures [sic: probably should be "hashes"]
  • iii. Be updated once every 24 hours
  • iv. Be a snapshot of the prior 24 hours
  • v. Be, on average, 35 GB per day and include the following file types:
    • 1. Executable file types from Unix/Linux, Windows and Macintosh
    • 2. Archives files
    • 3. Image files
    • 4. Microsoft Office documents
    • 5. Audio and Video files
    • 6. RTF files
    • 7. PDF files
    • 8. PHP files
    • 9. PHP files
    • 10. JavaScript files
    • 11. HTML files
  • vi. Be able to retrieve feed in an automated way through machine-to-machine communication
  • vii. Initiations of accessing feed shall be pulled by IAU not pushed to IAU
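
As an added example (not code from the article or the RFQ), here is what the IAU-side consumer of such a feed might look like in Python, written to the spec above: it takes a pulled daily snapshot, keys every sample by SHA-1, verifies that the bytes actually match the claimed hash before indexing anything, identifies the file classes the RFQ lists from leading bytes rather than trusting supplier-chosen file names, and records a SHA-256 alongside, since SHA-1 collisions have been demonstrated in practice (the 2017 SHAttered collision) and a feed "organized by SHA1" should not be assumed to give one hash per sample. The manifest layout, the two-level directory scheme, the sample bytes and all function names are constructed for illustration.

```python
"""Added example, not the article's or the RFQ's own code: a consumer for a
daily malware snapshot organised by SHA-1, as the RFQ above specifies.
The manifest format, directory layout, sample bytes and function names are
constructed for illustration."""
import hashlib
import io
import zipfile

# Mach-O magics: 32/64-bit, either endianness, plus the fat/universal header.
_MACHO_MAGICS = (b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
                 b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",
                 b"\xca\xfe\xba\xbe")


def classify(data: bytes) -> str:
    """Map a sample to one of the RFQ's file classes using leading bytes.
    File names in a malware feed are attacker-chosen and not used here.
    The text formats (PHP, HTML, JavaScript) have no magic, so those
    checks are content heuristics, not identification."""
    head = data[:256]
    if head.startswith(b"\x7fELF"):
        return "executable/elf"
    if head.startswith(b"MZ"):
        return "executable/pe"
    if head[:4] in _MACHO_MAGICS:
        return "executable/macho"
    if head.startswith(b"%PDF-"):
        return "pdf"
    if head.startswith(b"{\\rtf"):
        return "rtf"
    if head.startswith(b"PK\x03\x04"):
        return "archive/zip"  # note: .docx/.xlsx/.pptx are zips too
    low = head.lower()
    if b"<?php" in low:
        return "php"
    if b"<!doctype html" in low or b"<html" in low:
        return "html"
    if b"eval(" in low or b"function(" in low or b"document." in low:
        return "javascript"
    return "unknown"


def make_samples() -> dict[str, bytes]:
    """Constructed stand-ins for one day's samples. They are harmless byte
    strings chosen only so that each file class is recognisable."""
    samples = {
        "elf": b"\x7fELF\x02\x01\x01" + b"\x00" * 9,
        "pe": b"MZ" + b"\x90" * 62,
        "macho": b"\xcf\xfa\xed\xfe" + b"\x00" * 12,
        "pdf": b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n",
        "rtf": b"{\\rtf1\\ansi\\deff0 hello}",
        "php": b"<?php echo base64_decode('aGk='); ?>",
        "html": b"<!DOCTYPE html><html><body>x</body></html>",
        "js": b"eval(String.fromCharCode(104, 105));",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("payload.txt", "not really malware")
    samples["zip"] = buf.getvalue()
    return samples


def build_manifest() -> dict[str, bytes]:
    """The supplier's snapshot as IAU would pull it: claimed SHA-1 -> bytes.
    One entry is deliberately corrupted so the verification path is exercised."""
    manifest = {hashlib.sha1(d).hexdigest(): d for d in make_samples().values()}
    manifest["0" * 40] = b"MZ\x00 bytes that do not match the claimed hash"
    return manifest


def ingest(manifest: dict[str, bytes]):
    """Verify each sample against its claimed SHA-1 and index the survivors.
    Returns (accepted, rejected): accepted maps the verified SHA-1 to a record,
    rejected lists the claimed hashes whose bytes did not match."""
    accepted, rejected = {}, []
    for claimed, data in manifest.items():
        actual = hashlib.sha1(data).hexdigest()
        if actual != claimed.lower():
            rejected.append(claimed)
            continue
        accepted[actual] = {
            # two-level layout (assumed): ab/abcdef... keeps directories small
            "path": f"{actual[:2]}/{actual}",
            # SHA-1 collisions are practical (SHAttered, 2017); keep SHA-256 too
            "sha256": hashlib.sha256(data).hexdigest(),
            "type": classify(data),
            "size": len(data),
        }
    return accepted, rejected


def type_counts(accepted: dict) -> dict[str, int]:
    """Per-type tally of the verified samples in one snapshot."""
    counts: dict[str, int] = {}
    for rec in accepted.values():
        counts[rec["type"]] = counts.get(rec["type"], 0) + 1
    return counts


if __name__ == "__main__":
    acc, rej = ingest(build_manifest())
    for sha, rec in acc.items():
        print(f"{rec['path']}  {rec['type']:18} {rec['size']} bytes")
    print("rejected (hash mismatch):", rej)
    print("by type:", type_counts(acc))
```

The verification step is the part worth keeping even if nothing else survives: a pull-only, machine-to-machine feed is exactly the kind of thing where a transport error or a careless supplier silently mislabels a sample, and anything indexed under a hash its bytes do not produce will poison every later lookup that keys on that hash.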

Topics: Security, Government US

Talkback

  • Just buy a Linux or Apple computer and surf the net

    You'll get as much malware as you need, or just buy an Android phone because it comes preinstalled on that.
    DontUseGoogleAtAll
    • Typical troll

      Shows no proof to support their comment.....

      Yet another uneducated person with no real knowledge of IT..
      Next....
      RickLively
    • Ignorance

      Buy a Linux for malware? Do you realize just how stupid that is, or do you even care? I think you're just an average everyday troll spewing your FUD on an OS that you obviously don't know anything about. I just abandoned XP for Ubuntu, and have been a happy and safe puppy ever since..... Now go away, troll....
      Tinman57
    • you are right

      no problem.
      Keep staying on win. It's ok.
      cheers
      Remo the Last
  • Our spying agencies ought to be using malware for target practice

    The fact that malware is rife on at least one of the very common OS indicates that our spying agencies (NSA, GCHQ...) are either thoroughly incompetent or that they, or their masters (if they have masters), really do want ordinary people to be subject to the economic and quality-of-life consequences of it.

    It's OT, but you could replace 'malware' above by 'cold calls'.
    Daddy Tadpole
  • This is how static analysis works

    A lot of companies actively search out malware feeds so they can collect the hash of them and use them in their databases. Then they scan files for the hash value and search for that value in files.
    The downfall is you need to have seen the malware once before. That's why having just one AV doesn't make sense any more. Particularly at the enterprise/government level they need to scan with multiple AV engines so you get the benefit of 5-20 different virus signature databases. IT firms set up VM farms to run them through a bunch of AVs or just buy a Metascan appliance.
    Jwalker18
  • As ZDNet's resident Uncle Sam apologist...

    ... you forgot the other clause:

    Feed shall be usable by FBI to, without use of morality, ethics, and probably the legal statutes of the nation, infest ALL the POPULATION'S communication devices, without exception, with whatever destructive crap the FBI thinks will help us catch bad guys... because, well, you know, NSA can do it, so why not us?
    btone-c5d11
  • Spying

    Looks like just another way to increase USA spying over the world.
    Rikkrdo