The FBI has put out a request for experts in the cybersecurity industry to send in all the malware they can. In a solicitation published this week on fedbizopps.gov, the intelligence agency asks for "a rollup of sharable malware" for research purposes — or so they say.
This proposed treasure trove [Word document] of malware, infected files, malicious scripts and other forms of online trickery is "critical to the success of [the Investigative Analysis Unit's] mission to obtain global awareness of malware threat."
It's an offer that will no doubt appeal to online security firms like Lookout, AVG and Symantec. These companies stockpile malware, both well-known and obscure, to allow comparisons with new threats. Such archival techniques pay off: Just recently, the software used in the Target hack was identified as being related to some known, garden-variety card-skimming code, a fact that no doubt advanced the investigation considerably.
Whether the FBI would be using all this malware strictly for research purposes is anybody's guess. The agency is known to have deployed malware in the pursuit of the likes of child pornographers rendered anonymous by the Tor network. The authors of these tools may find much to learn and imitate in such a database.
It's also unclear whether this collection would have anything to do with InfraGard, the FBI's information-sharing partnership with businesses, research institutions and others.
The FBI has not responded yet to requests for data on these last points. We will update this post if they do so.