Frankenstein crimeware registry comes online

EC Council compiles malicious-code bank for students, penetration testers

A new crimeware registry including more than 4,000 entries has been compiled for use by students of the EC Council, a private firm that performs ethical hacker training.

Called Frankenstein, the encyclopedia of attack code is designed so students and penetration testers can actually download and use the attacks, giving them a perspective on how attackers think but also to measure whether networks are vulnerable, says Jay Bavisi, president of the council.

The cost of using the attack code varies depending on whether it's been produced by commercial enterprises that might license it, he says. If it's open source or an underground tool, authorized users of Frankenstein can use it for free. So far it's only available to students enrolled in EC Council's ethical hacker certification students.

The registry would be a treasure trove for criminals looking for network-attack tools, but it is kept under strict scrutiny, Bavisi says. Only ethical hacker students and professional penetration testers have access, and that is monitored, he says.

Plus, anyone with authorized use has to sign away their data-protection act rights, allowing law enforcement agencies to see logs of their activity in the registry should those agencies want to investigate a user.

Besides, the code is available via underground chat rooms and marketplaces online. "They could just go to Google," Bavisi says. "It's not as if it's not available on the Internet."

Learn more about this topic

MPack, NeoSploit and Zeus top most notorious Web attack toolkit list

Customized, stealthy malware growing pervasive 

Pwn2Own 2011: Hackers Shame Safari and IE8 on Day One

Insider Shootout: Best security tools for small business
Join the discussion
Be the first to comment on this article. Our Commenting Policies