Friday, May 16, 2014

MalControl Video

After the big success obtained through MalControl open source software, people asked me to record a simple video to show how it's supposed to work. I did use screencast this time.

http://screencast.com/t/GGMH8q77F9a

This short quick'n dirty video shows how MalControl is supposed working. Please refer to the original GitHub page (https://github.com/marcoramilli/malcontrol) for every needs, tickets, request and so on. If you want to add your scraper and/or new frontend features please email me, every support is welcome.

Friday, May 2, 2014

Say Hello to MalControl: Malware Control Monitor

Gathering open data from malware analysis websites is the main target of Malware Control Monitor project. Visualize such a data by synthesize statistics highlighting where threats happen and what their impact is, could be useful to identify malware propagations.  

Open Data:

We actually scrape the following services:
  1. malwr 
  2. phishtank 
  3. urlquery 
  4. virscan 
  5. webinspector 
If you are a malware scan provider and you would like to actively partecipate to the project by giving some of your data, please contact us, we'll be glad to add your service to our project. Each visualized threat comes with the original and 'clickable' URL pointing to the original report. The original report owns all the specific information to the threat. 

Backend Structure:

A backround node scrapes websites to grab malware informations and fills up a mongod database. An API node serves API useful to frontend layer. Public API are available, please read doc/index.html for a full list of API. If you are interested on developing a website scraper take as example one of the scrapers available into the scrapers folder. Each scraper must be a function 'goScraper' ending-up saving scraped data to db using the functionsaveMalwareToDB respecting the db schema placed into schemas folder.

Screen Shots:

Screenshots talk laudly :) The following image shows how MalControl geolocalize malware and threts by grouping them by country. On the rigth side of the screen graphs with transparent gradient shows trends and totals of the analized sources. The top two charts show the "top countries" spreading malware/threats.  



The second top two charts shows how many malware/threats per hour Malcontrol is able to capture. This feature gives an instant view on how the "malware world" is progressing. The last two charts show the totals of malware/threats coming from the scraped sources. If you are interested on adding a source (by writing a scraper) please make a pull request or contact us.


 By drilling down into a specific malware/threat you will see the icons of the scraped sources. By clicking on such icons a tooltip pops-up within detailed informations on the selected malware/threat. The imformations are source specific and might be different from source to source. The following image shows you detailed information on a PhishTank which provides Malicius URL and Report specific Report.



Download and Contribute:

If you like to download it, try-it, put into your home room or helping us to develop MalControl, a good place to start over is on Github Repository:https://github.com/marcoramilli/malcontrol 

Super Important Note:

Everything is: as it is, this projects is still "under construction", what you see on Github Repo is an early version of the full stack implementation.  "Dont' even thik to use it on any production environment". Code might change, might be deleted and so on..