The FBI has placed malware on its shopping list, and is turning to vendors to help the agency build a massive library of malicious software.
According to a ‘Request for a Quote’ posted on the Federal Business Opportunities website, the FBI is looking for price quotes for malware for the Investigative Analysis Unit of the agency’s Operational Technology Division.
“The Operational Technology Division (OTD), Investigative Analysis Unit (IAU) of the FBI has the following mission: Provide technical analysis of digital methods, software and data, and provide technical support to FBI investigations and intelligence operations that involve computers, networks and malicious software,” according to the document (.doc).
“The IAU has a team of highly trained technical analysts, specialists and engineers providing on-scene technical support, employing innovative, custom developed analytical methods and tools to analyze collected data,” the document continued. “Critical to the success of the IAU is the collection of malware from multiple industry, law enforcement and research sources.”
According to the request for quote, any malware submissions must meet a set of baseline functional requirements:
i. Contain a rollup of sharable malware as included in the malicious URL report
ii. Be organized by SHA1 signatures
iii. Be updated once every 24 hours
iv. Be a snapshot of the prior 24 hours
v. Be, on average, 35 GB per day and include the following file types:
Executable file types from Unix/Linux, Windows and Macintosh
Microsoft Office documents
Audio and Video files
vi. Be able to retrieve feed in an automated way through machine-to-machine communication
vii. Initiations of accessing feed shall be pulled by IAU not pushed to IAU
The agency does not say precisely how the malware will be used, but the document calls the collection of malware from law enforcement and research sources “critical to the success of the IAU’s mission to obtain global awareness of malware threat.”
“The FBI reserves the right to request a sample product for test and evaluation purposes,” the document notes. “If a test sample is requested, the vendor will be notified when and where to send the sample. Given the nature of the solicitation, any test/sample product(s) will be removed/deleted at the conclusion of testing. To ensure that sufficient information is available, the Offeror must furnish, as a part of the quote, all descriptive material necessary for the purchasing activity to determine whether the product meets the salient characteristics of this requirement.”
Price quotes and a description of capabilities are due on Feb. 14.
Source : Security Week