Tyler (aka: The Security Shoggoth) announced on the Security Justice podcast last week about the “Malware Challenge” that begins October 1st. I think this is a great idea and is a fantastic way to learn about how malware works and how to analyze it.
“Starting from October 1, 2008 and ending October 26, 2008 we will be running a malware analysis challenge at http://www.malwarechallenge.info. In the challenge participants will download a malware sample to analyze. The site will have a list of questions for participants to answer and send in. We will judge the answers and those scoring the highest will win prizes.”
Yes, this is a real piece of malware that you will analyze! More about the malware and the contest:
“Participants in the malware challenge will download the malware, analyze it and answer questions based on their findings. The answers to these questions will be evaluated by the judges in order to determine who the winners are. At a minimum, submissions should include the answers to the questions. However, submissions which also include a narrative on such things as how the malware was analyzed or how the analysis lab was set up will be more likely to win. Be creative.”
What are the prizes? So far they have a Best Buy gift card, IDA Pro Book, Full version of IDA Pro software, Hacker game from Steve Jackson Games and many more prizes as well. For the most up-to-date-list, check here.
Even if you have never analyzed malware before…everyone is encouraged to participate! This is a great way to learn about how malware works and also a way to develop a new emerging skill set! The contest site has some links for you to get started if you never did malware type analysis so you have some place to start. Winners will be announced at the 2008 Ohio Information Security Summit on October 31st. You don’t need to present to win but there will be special prizes for those that can be there. Good luck to everyone participating!