A security researcher, John Page, has created a novel project for disclosing vulnerabilities in malware.
There are quite a number of websites disclosing vulnerabilities existing in software or hardware via vulnerability databases. Some of the well-known websites that fall into this category are National Vulnerability Database (NVD), Vulndb.com, CVEdetails.com. There also exist a public database, Exploit Database, for known exploits targeting the exposed vulnerabilities. For another category, quite a number of websites focus on sharing information about malware with details on hashes, reverse engineered codes or Indicator of Compromises (IOCs) etc.
However, Malvuln.com, is the first to share research exclusively on vulnerabilities discovered vulnerabilities within malware. This novel website could help researchers in better understanding malware weaknesses both to defend against them and recover from in case of infections by them. It could especially prove useful in recovering from ransomware that uses encryption to disable a victim’s access to its own data and demands a ransom to decrypt the encrypted data.
Besides that, the revelation of vulnerabilities existing in malware brings up another threat vector that has possibly not received enough attention so far. Systems running vulnerable malware could be exposed to threats by attackers other than the malware writers. For instance, an unnoticed adware, with a Remote Code Execution (RCE) vulnerability on it, could cause comparatively a higher level of risk than the threat posed by the malware itself.
The website currently lists vulnerabilities in 39 different malware type and the list grows quickly as the research continues.
To learn more about malware, you could also read our article What Is Malware and Its Types?