Whois または DNS を使ってあやしいファイルのハッシュ値 (MD5 or SHA1) を検索すると、答えが返ってくるサイト。

Team Cymru is happy to announce the availability of various service options dedicated to mapping suspected malware hashes to our insight about positively identified malware. Now you can check if a particular piece of code is malware by querying against the extensive Team Cymru Malware Hash Registry.

The Team Cymru Malware Hash Registry (MHR) compliments an anti-virus (AV) strategy by helping to identify unknown or suspicious files. While your AV posture helps you perform detection based on signatures, heuristics and polymorphism, the MHR provides you additional layer of detection, for known badness. Based on our research, AV packages have trouble detecting every possible piece of malware when it first appears. The MHR leverages multiple AV packages and our own malware analysis sandbox to help aid your detection rate. Coupled with AV, the MHR helps identify known problems so you can take action. In order to decrease the false positive rate, we do not list items with less than 5% detection rate, we exclude all entries present in the NIST database, and we attempt to exclude multiple copies of polymorphic malware.

The service options come in various flavors, including:

• Whois (TCP 43)
• DNS (UDP 53)

HTTP (TCP 80) and HTTPS (TCP 443) service is being considered as well as additional features in the future. Contact us with your ideas!

Following is a brief summary on how to use each of the services.