by dcow 480 days ago
Why should malware repos be deleted?

Serious question. The repos aren't themselves doing harm, are valuable for research, and would be distributed some other way if GH removed them. Maybe a banner “be careful! others have reported that this repo may not do what it claims. proceed with caution” would be a more appropriate response?

13 comments

> The repos aren't themselves doing harm,

Yes they are. Did you read the part about the people doing this and getting 50-100 compromised computers per day? They’re stealing accounts and crypto with these.

> are valuable for research,

Research into how they’re harming people? The research is done. Time to move to fixing it.

> and would be distributed some other way if GH removed them.

This is like saying we shouldn’t wear seatbelts because some people will still die in car crashes anyway.

You don’t avoid improving a situation just because you can’t perfectly fix it globally. You address what you can and reduce the problem.

At least the malware is exposed in the light of day. I didn't say don't fix something. I asked whether the malware should be removed vs. e.g. being flagged by GitHub. If GitHub removes it, it will move somewhere else and be harder to keep a thumb on. That's fine; I was curious because this "research" wouldn't have happened in the first place if the malware was elsewhere. It sounds like intent here matters…

> If github removes it, it will move somewhere else and be harder to keep a thumb on.

It’s on GitHub for visibility and credibility to victims.

If it moves somewhere else where victims can find it, the researchers can find it too.

I don't think that repositories presented and named as Malware or Virus should be deleted - they're good for educational and research purposes, I guess. I specifically mean those that impersonate legit programs (if you can call "free download" or "mod" apps legit).

There is an official policy on this: https://docs.github.com/en/site-policy/acceptable-use-polici...

So, sounds like the Github team should take some action here.

To me those repos seem an abuse of what GitHub is for. I'm 100% fine with a repo hosting malware if it's there for security researchers and anybody else interested in the topic to study, etc. Even better if there is also documentation. I'm not fine with using GitHub (or any other site) as a distribution platform for malware, hiding the fact that the software is malicious in the first place.

> The repos aren't themselves doing harm,

Yes they are. They are being used as delivery mechanism for malware.

> The repos aren't themselves doing harm

Yes they are, they're distributing malware

> are valuable for research

Marginally, at best

> and would be distributed some other way if GH removed them

Another way that wasn't so well SEO-optimized and didn't carry the Github halo.

Only if they are disguised as non-malware, I guess?

> would be distributed some other way if GH removed them

Maybe? But definitely to fewer people? I don't see the argument for allowing them.

Maybe a special flag with a passcode which must be passed to `git clone`, where this passcode is shown in such a banner. To make sure you've read the banner.

Good point. Instead of deleting, treat it like an invalid HTTPS cert: lots of warnings and "are you sure"s before you get to clone or fork.

Doesn't distributing malware break a number of laws?

What is the definition of distribution? If I posted a code snippet of malware on GitHub or my personal site for educational purposes, does that count as distribution?

That depends heavily on the law in question. Germany, e.g., almost completely bans white hat activities because hacking is evil, and no amount of common sense has been able to get through lawmakers' thick skulls.

You can downvote him all you want, but it's true at the core. §202c of the BGB heavily limits what can be done, even by legit researchers, and it's often criticized for that reason.

For anyone interested, the Wikipedia article might give an overview (only available in German right now): https://de.wikipedia.org/wiki/Vorbereiten_des_Aussp%C3%A4hen...

Really? The malware went from your computer to someone else's and your defense is that it was not "distributed" but just magically moved from A to B?

If you argued that it was clearly labeled as malware for educational purposes, that seems fine. It was distributed, but then distribution is allowed. But this is very clearly not the case here.

Totally depends on where you live. I'd say in 99% of places, you won't. Also, research purposes is OK if it's obvious. You can download malware in lots of places and from lots of sources, so taking them off of GitHub really won't do anything either.

Personally, if I post such things I will either ensure it has detections everywhere or somehow neuter it. Usually for research you don't really need to have fully functioning malware, just enough to prove some question. So despite posting sources of malware being OK, and it being available in lots of places, I do think, especially for advanced things, it's better not to contribute it freely... but to each their own. I'd advise strongly against just outright posting functional cyber weapons, not because it's illegal, but simply because it's really not needed. There is more bad potential than positive use compared to broken or incomplete versions.

These repos are targeting kids. They should be removed or at least disabled.

They're just as useful for research as the spam/scam comments you occasionally see at the bottom of an HN thread.