The Malware Lab Network (MLN) is a segregated, closed computer network system, protected by multiple firewalls, used to analyze computer network vulnerabilities and threats. Typically, the MLN receives information about computer security vulnerabilities and threats in the form of the actual malicious code or copies of computer hard drives (images), received by the Department or other federal agency, and the MLN analyzes the code or images in order to discover how to secure or defend computer systems against the threat. The corrective action information is published in US-CERT products such as vulnerability reports or alerts.
The MLN contributes critical support to existing tools used by US-CERT to better meet the four cyber mission areas: 1) Alert, Warning, and Analysis; 2) Coordination and Collaboration; 3) Response and Assistance; and 4) Protection and Detection. The MLN collects, uses, and maintains analytically relevant information in order to support the Department's cyber security mission, including the prevention and mitigation of cyber attacks, protection of information infrastructure, the assessment of cyber vulnerabilities, and response to cyber incidents.
The MLN has a website and receives information from the public and/or government agencies for reporting potentially dangerous and/or suspicious cyber information to US-CERT for risk analysis. Information transmitted to US-CERT may include, among other information: malicious codes; computer viruses; worms; spyware; bots; and Trojan horses. In general, any form of an attack tool may be transmitted since they, and the vulnerabilities exploited when an attack occurs, present a real and present danger to the security of domestic information systems.
The MLN provides a mechanism by which information regarding cyber threats can be collected and contained in a highly secure environment. A comprehensive evaluation of the threat can thereafter be conducted by expert analysts so as to improve the overall understanding of current or emerging cyber threats.
The primary objectives of the MLN are to:
- Develop procedures for the safe and secure handling of malicious attack tools in a manner consistent with best practices;
- Collect potentially or confirmed malicious tools to facilitate threat assessments;
- Provide the capability to deliver immediate actionable information and add additional detail as more facts emerge concerning a cyber incident, so as to better understand the scope and nature of the attack;
- Enhance analysis efforts by maintaining a robust analysis laboratory that permits more dissection of malicious attack tool information; and
- Produce detailed reports of analysis activity and findings.