More than three and a half years ago, the Anubis – Analyzing Unknown Binaries – service went online with the following, very first news entry:
Friday, February 16th, 2007: We are online! First version of the homepage is online. The submission and analysis of binaries is fully functional but we still have to create all other sections of the homepage.
We quickly started a number of cooperations with different research groups and organizations around the globe, giving us access to hundreds of new malware samples per day. In the first weeks and months, the service was generating analysis results, and continuous news page entries (see https://anubis.iseclab.org/?action=news) reported every improvement we made to the system.
However, starting with the year 2009, the news page updates became infrequent. Of course, this does not mean that the service has not been extended or maintained since then. We have been doing so much work that we often forgot to report it.
We’ve come a long way. From a couple of hundred samples analyzed per day, we have increased the throughput of our service by an order of magnitude and have extended the service with different features (e.g., the analysis of drive-by downloads).
To keep interested Anubis users informed, we will try to cover the following in a series of blog posts here:
- what has been done over the last couple of months,
- what interesting problems have been solved,
- what issues are still on our TODO list,
- and much more.
To start off, the next post, which we plan to release soon, will describe the new Anubis infrastructure. In contrast to the original setup, where everything was hosted in one server room in Vienna, we have expanded the hardware resources available to us. What makes this expansion particularly interesting is that our resources are now spread over three different geographical locations around the globe, which introduced interesting technical challenges we had to overcome.
Hence, if you are interested in the Anubis internals, lessons learned from operating this service, and other malware analysis-related stories, be sure to stop by every once in a while to read the latest posts (and also follow us on Twitter)!