|
News
| Wednesday, May 30th, 2012: Andrubis = Anubis for Android binaries | | We are proud to present our most recent substantial extension to Anubis: the analysis of Android APKs (codename Andrubis)! Like the core-Anubis does for Windows PE executables, Andrubis executes Android apps in a sandbox and provides a detailed report on their behavior, including file access, network access, crypto operations, dynamic code loading and information leaks. In addition to the dynamic analysis in the sandbox, Andrubis also performs static analysis, yielding information on e.g. the app's activities, services, required external libraries and actually required permissions. |
| Tuesday, July 14th, 2010: Analysis system back up and running | | Our migration process has been completed - the first new tasks are being processed.
We are currently adding new workers to the system, so analysis performance should
resume the known pace over the next couple of hours, increasing even more throughout
the next couple of days. |
| Tuesday, July 13th, 2010: Hardware maintenance | | We migrated to a new set of servers, the new hardware is now up and running.
Previously generated analysis results and uploading is possible again, new
analysis runs are not yet possible. Normal operation should be avaible in the
next couple of hours. |
| Friday, July 2nd, 2010: Dionaea/Norman upload improvement | | The default configuration of Dionaea confused the Anubis web-interface what led
to incorrect analysis of automatically uploaded samples. This has been fixed. |
| Monday, December 21st, 2009: Some downtime | | We had some downtime today for maintenance. We are sorry for the inconvenience. Most services are up again,
but processing times might be a bit longer as some are still being maintained. |
| Wednesday, December 16th, 2009: New Hardware and Better Service | | In order to improve the reliability of our service, we have ordered new hardware. Over the next couple of months, we will be improving and extending Anubis. |
| Monday, Febuary 9nd, 2009: Anubis Malware Clustering | We now perform clustering of submitted malware based on the behavior observed by Anubis. For details on how we do it,
see this paper, which we are presenting at NDSS. This allows us to automatically detect families of related malware.
To make this functionality available to Anubis users, the web interface now includes a number of new features:
- A new clustering tab in
the anubis main page.
- A clustering overview page,
listing all families (clusters) generated by a run of our clustering algorithm.
- For each family, a family overview page,
listing all the binaries in the family.
- A new belongs to cluster link in task overview pages such as
this one,
pointing to the family this binary belongs to.
The first run of our clustering algorithm includes 376 thousand samples.
Initially, we will be re-running the clustering algorithm each weekend.
Each run will include all of the most recent submissions, as well as a large part of the samples submitted
during 2008. Therefore, the belongs to cluster link will appear in a task overview page for a newly submitted
sample only after the next weekly run. In the future we plan to implement an incremental clustering
to make cluster information available as soon as a binary is analysed. |
| Tuesday, December 2nd, 2008: Wepawet - Analysis Service for malicious JavaScript and Flash files | The Computer Security Group of the University of California, Santa Barbara has launched a service for analyzing malicious JavaScript and Flash files. In the future, it shall also allow the analysis of URLs.
You can submit malicious JavaScript and Flash files to Wepawet here. |
| Tuesday, October 28th, 2008: Anubis Accounts - Passwords | | Some accounts might experience trouble logging in. In this case, please have your password reset. A new password is then emailed to the saved email address. |
| Friday, October 24th, 2008: Automatic Submissions to Anubis | We want to remind you that automatic submissions of samples to our analysis-system are possible. Simply have your program send an according POST request to our website. To make life easier for you, we provide a) a python script that submits samples supplied as command line arguments and b) a norman/cwsandbox - compatible submission URL for those people that already have working submission scripts for these services. Have a look at the appropriate section of our FAQ for more infos.
Please note that changes in our homepage-architecture require you to use a new version of our submit_to_anubis.py script that we have only published today. While there were some problems with the norman/cwsandbox - compatible submission interface in the last few days, as of now it should work again without problems.
Update (October 28th): We have put an updated version of our python script 'submit_to_anubis.py' online. This new version allows submitting of URLs among other things. |
| Monday, October 20th, 2008: New Anubis Features | We have updated the Anubis homepage and the analysis service.
New Features:
- Additional report formats: In addition to the HTML report it is now possible to view the Anubis report in the PDF, plain text or the (original) XML format. The report is available for download in the MHT, PDF, XML or plain text format.
- Auxiliary File Submission: It is now possible to additionally submit DLLs or other auxiliary files, which are required by the executable.
- Pre analysis: For submitted files that are certainly no valid Windows executables we do no start Anubis but immediately present the output of the popular Unix 'file' command.
- Stability enhancements: Several bugs have been fixed in the main Anubis executable
- URL Analysis: Anubis analyzes an URL by opening it in the Internet Explorer and monitoring the brower's behavior.
- User accounts: You can create a user account on our homepage for having easy access to all your previous submissions.
- Webpages: All our web-pages and the Anubis analysis reports are now fully XHTML 1.0 conform. Moreover, you can now reach our homepage via HTTPS. In particular, you can submit samples via HTTPS (which allows one to submit samples if one is behind a virus-scanning HTTP proxy).
- ZIP submission: An executable can be submitted together with its auxilliary files packed in a ZIP archive.
As always, please forgive us possible bugs and please let us know of any problems you might find. |
| Monday, June 23th, 2008: Maintenance | | Anubis is down for maintenance work. We will be back online tomorrow. Update: We are back online. |
| Saturday, May 3rd, 2008: Downtime | Unfortunately, our analysis service is down at the moment because of maintenance work. Please don't expect a normal service until Monday, May 5th, evening CET. Thank you for your understanding!
Update (May 5th): We're back online. |
| Monday, February 5th, 2008: Analysis Service operational again | | Our analysis service is is up again. In order to better cope with future analysis demands we have also used the downtime to upgrade our hardware. |
| Tuesday, January 29th, 2008: Downtime | | The analysis system is currently down because we are experimenting with a new version. We plan to reactivate the analysis system by the end of the week. In the meantime, we are queuing incoming samples and will process them as soon as we are up again. We are sorry for any inconveniences caused. |
| Friday, October 5th, 2007: Maintenance phase over | We have completed all necessary maintenance work. I am very pleased to announce that we have upgraded our server infrastructure. Anubis' processing capacity has increased by a factor of 6. Moreover, we have improved the network configuration as it is seen by analyzed binaries. This step substantially improves the quality of our network analysis.
On Monday, October 8th, we will have to physically move our servers. This will result in a small downtime. |
| Tuesday, October 2nd, 2007: Up again | | (17:06 UTC+2) We have experienced an unexpected downtime in the last few hours but as of now our web server is up and running again. Due to necessary maintenance work our analysis-system will remain down for some time. |
| Tuesday, September 25th, 2007: Maintenance | | We are doing some maintenance work this week. Please expect some downtimes. |
| Monday, August 10th, 2007: Major Anubis Update | | We have installed a new version of Anubis today. We've changed quite a lot under the hood but there are also many visible changes: we have worked hard on our network analysis. We are now able to parse all of the common network protocols and extract the important information. Moreover, we have improved the design and readability of our analysis reports. To this end, we've added Javascript to our reports. If you don't like having Javascript turned on you will still be able to see the reports but you won't be able to enjoy a Web 2.0 analysis result. ;-) |
| Tuesday, August 7th, 2007: Another Downtime | Due to repairs in the building that houses our servers we'll have to shutdown Anubis from approximately 00:00 August 8th to 12:00 August 8th CEST.
Update (10:55 May 8th): We're back online. |
| Friday, July 13th, 2007: Updated section 'Sample Reports' | | We have updated the 'Sample Reports' section of our homepage with some links to analysis reports of real-world malware executables. |
| Wednesday, May 2nd, 2007: Downtime | Due to repairs in the building that houses our servers we'll have to shutdown Anubis from approximately 00:00 May 3rd to 12:00 May 3rd CEST.
Update (12:57 May 3rd): We're back online. |
| Wednesday, March 28th, 2007: Automating Submission of Samples to Anubis | | In order to ease automatic submission of samples to our analysis-system we provide a) a python script and b) a norman-compatible submission URL. Have a look at the appropriate section of our FAQ for more infos. |
| Tuesday, March 20th, 2007: Priorities for our submission queue | | In order to better cope with the growing usage of our service, we have added a primitive captcha to the executable submission form. This way, manual submissions are recognized. Manual submissions will be processed before automatic submissions. |
| Monday, March 19th, 2007: Comment on Analysis Reports | | It is now possible to comment on analysis reports. If you think that there is something wrong in your analysis result or something could be improved give us feedback! Every analysis report comes with a small link in the right upper corner which will allow you to enter a message specific for this report. Your feedback helps us to improve Anubis. |
| Tuesday, March 13th, 2007: Minor Anubis Engine Update (1.11) | | The analysis of files with a '!' character in their name works now. :) |
| Friday, March 9th, 2007: Website Update | | We have improved our submission system. If an analysis report for the same file already exists the existing report will be returned. This avoids unnecessary and CPU-intensive analysis-runs and improves overall-performance. |
| Thursday, March 8th, 2007: New Name | After weeks of searching we have finally decided on a (new) name for our project. It is Anubis. Anubis stands for ANalyzing Unknown BInarieS.
Moreover, our homepage is complete now. The old homepage is dead. Long live the new homepage! |
| Friday, February 16th, 2007: We are online! | | First version of the homepage is online. The submission and analysis of binaries is fully functional but we still have to create all other sections of the homepage. |
|
Last Modified: 2013-05-01
|
|
|
|
