This November, Safer-Networking Ltd was invited to speak at the second annual International Anti-Virus Conference in Tianjin. Our Senior Malware Analyst gave a well-received presentation on the benefits of OpenSBI, our framework for analyzing files and writing detection patterns, at the Elite Forum on Cyber Security Innovation and Development.
It was good to see how companies and researchers worldwide are taking IT security seriously. We are grateful to the CVERC for the invitation, and the experience was certainly informative.
You can read more about OpenSBI on our wiki. OpenSBI is a tool developed by Safer-Networking Ltd that has been used for adding new detection rules to Spybot. It has been available to users in the Spybot – Search & Destroy program since version 2.0, and any user can use it to add detection patterns tailored to their needs.
The accompanying malware pattern description language offers a simple, easy-to-learn syntax, since it was optimized for human readability and fast signature prototyping. OpenSBI stores rule data in the SBI file format, which is plain text. You can use any text editor to create SBI files, but we recommend using the OpenSBI Editor. You can find it in the ‘Professional Tools’ section of the Spybot Start Center. This editor offers syntax highlighting, a syntax validator, and an overview of all OpenSBI commands and file parameters. You can select templates from quicklists for path and description meta tags.