Moving Forward

Published on 26th October 2020, 13:45:09 UTC


13 years ago, I started to look at malware samples in my spare time that occasionally hit my personal mailbox. I decided to document my findings in a blog, and abuse.ch was born. In the same year, ZeuS (aka Zbot) appeared. Sold on the dark web, it quickly became one of the most popular crimeware kits for cyber criminals to commit ebanking fraud and identity theft. Due to the rise of ZeuS in 2008/2009, I decided to create my first project: ZeuS Tracker.

Since the launch of ZeuS Tracker in 2009, many years have passed, and new cyber threats have appeared. During this time, I came up with more projects aimed at helping the internet community that is fighting the endless battle against cyber crime. Since the start of abuse.ch, all data made available by the project has always been free of charge for both commercial and non-commercial purposes. More and more people started to use the threat intelligence offered by abuse.ch, and at the same time the amount of data handled by the project greatly increased. Operating the infrastructure needed to collect, process, and publish data to the public became increasingly challenging. Fortunately, I was able to partner with a handful of organizations to support the project with infrastructure. Operating abuse.ch in the past years without their support would not have been possible!

The two most recent projects are URLhaus & MalwareBazaar, which are both crowdsourced: most of the threat intelligence provided by these projects is produced by the infosec community, which includes IT security researchers from SOCs, CSIRTs or CERTs and also vendors of security solutions. It's great to see the community working together to make the internet safer!

Nevertheless, I'm confronted with some problems that I need to solve. As of today, abuse.ch is (still) a one-man show: a project that I mainly maintain in my spare time, and not for profit. This includes maintaining infrastructure that:

  • consists of around 50 servers and 200 sandboxes
  • generates over 130TB network traffic per month
  • answers around 2,000,000 API requests per day
  • handles almost 300,000,000 HTTP requests per month
  • generates 80GB of data - every day

Handling all of this has become pretty challenging in recent years, not necessarily from a technical perspective, but rather from that of infrastructure costs and the need for specific knowledge of big data analysis. At the same time, I have many ideas for new projects that not only require additional infrastructure, but also the necessary skills to handle and analyze data at scale.

Therefore, I have thought a lot about the future of abuse.ch. I've talked not only with friends, but also other IT security folks, and lawyers, to figure out the options I have. My main goal has always been clear: I want to continue to provide data for the good of the internet - free for everyone.

After lots of back and forth, I came to the conclusion that the best option I have at the moment is to turn abuse.ch into a research project. By going this route I could:

  • finally accept funding from 3rd parties (which has not been possible to date)
  • get access to national and international research funds (such as the Swiss National Science Foundation or Horizon Europe)
  • hire someone with additional technical skills that can support my work on abuse.ch

But as always, things are not as easy as they seem. In order to turn abuse.ch into a research project, a handful of requirements must be fulfilled:

  1. Finding a university that will host my project (fortunately, I already have a mutual commitment from a Swiss university for that)
  2. Becoming employed by that university (part time), and ...
  3. That employment must be paid by funds which I need to raise now

About two months ago, I therefore reached out to big organizations who are using data from abuse.ch to protect either their network or their customers, to ask them for help. Unfortunately, I didn't get any fundamental commitments, which honestly surprised and disappointed me; this is the reason why I have to reach out now.

At the same time, organisations that became victims of ransomware pay millions of dollars to cyber criminals to get their data back. Strange world, isn't it?

Your help is needed!

My goal is to collect enough funds by the end of 2020 to turn abuse.ch into a research project. If your organization is using data from abuse.ch and you wish to fund the project, please reach out to me at coSntacPtAmeM@abuse.ch (remove all capital letters).

What if...

What would happen after the end of 2020 if my plan fails? Well, I honestly don't know. I will definitely not just quit by 2021-01-01. On the other hand, I've been running abuse.ch for more than 10 years, and I can't make any promises that I will continue doing it for another 10. After all these years, getting funding for a research project and spreading the workload out onto more than just my shoulders would be fair.
