Looking for spyware and adware

Started by D-Dan, Jun 27, 2008, 00:05:03


D-Dan

I know - it's an odd request. I want to visit as many dodgy sites as I possibly can on an unpatched system in order to pick up as much malware as I can in, say, 30 minutes. Does anyone know anywhere that I can access a blacklist so that I can use it in reverse?

No - I haven't gone mad. I'm going to do this from the safety of VirtualBox in order to test anti-malware programs for a re-write of the techsupportalert category that I'm responsible for.

TIA

Steve
Have I lost my way?



This post doesn't necessarily represent even my own opinions, let alone anyone else's

somanyholes

Have a read of this ....

http://www.siteadvisor.com/studies/map_malweb_jun2008.pdf


Head to Hong Kong etc.

Porn sites will infect the hell out of you.


Be aware there is now malware that can break out of VMware etc, so I hope you know what you're doing ;) This needs to be done in a very controlled environment.


good hunting....


Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

D-Dan

So - for scientific purposes - I have to go and look at lots of naked women?  :whistle:

Seriously - I'm comfortable with malware that thinks it can break my barriers. I'll have a complete image on a separate external drive before I start - just in case. Having said that, I've never picked up anything I couldn't cure.

So that's probably the kiss of death, now. I'll finish up with an infected live system, and a failed external drive - all at the same time.

Are the malware escapes just VMware - since I use VirtualBox - or any VM?

Steve

drummer

Some other sites to look out for are those that boast of "warez", "cracks", "hacks", serials, etc.

These are generally the home of spotty, snot-nosed script-kiddies whose arrogance is inversely proportional to their social skills.

If the site logo is the Jolly Roger, you're almost there and likely to pick up a bit of malware if you take advantage of what's on offer.  Make sure you use a proxy though as there's no telling what these little twerps are capable of if you reveal your static IP.

Another tip is to use IE6 with the security settings set to low, because ActiveX attracts malware like pooh attracts flies.

Screensavers are great for installing malware too.

No knowledge of whether nasties can escape virtual machines, but if it's on a standalone computer with no other OS installed and no LAN access, then it shouldn't really matter.

Good luck with it though and good for you, as someone has to do it.
To stay is death but to flee is life.

Dangerjunkie

Just Google a load of sex words and click the results, paying careful attention to any that are flagged as being possibly harmful to your computer :)

It's a dirty job but someone has to do it....

You could also try warez sites; you can usually find some good scumware in cracks, keygens or pirate downloads :)

Cheers,
Paul.

somanyholes

The sites below are malware repositories, you can search for specific types, and you will know what you're getting, which should make evaluating specific software much easier. The sites themselves are not malicious but the information contained within them is. They exist to allow you to test your security. They contain botnets through to worms/viruses etc. I would still only browse them through a VM/sandbox just to be safe.

xxxx://www.offensivecomputing.net/ (free register to search)
xxxx://www.botcu.net/
xxxx://vx.netlux.org/

As far as testing is concerned, do the following. Make sure nothing else is on your LAN; some code will try to propagate onto your LAN.
Do not use this in a work environment; you may find public services end up being blacklisted or, worst case scenario, your ISP will kill your comms (depending if it breaks out).
Using an external hard disk is a good idea; make sure there are no file sharing services enabled between your main box and the VM. Some VM software sets this up. I can't comment on VirtualBox I'm afraid as I've never used it.

Using a proxy will not make much difference as once infected, which is pretty much guaranteed if you're going hunting, they will be communicating over whatever ports/protocols they want. It might be worth blocking outbound ports on your NAT/firewall device.

The best approach to all this is to be pessimistic ;)

It would be interesting to see the information that you come up with.
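
An isolation check for the points raised in the post above (no file sharing between host and VM, nothing that puts the guest on the LAN), as an added example that is not part of the original thread. It parses text in the `key="value"` form of `VBoxManage showvminfo <vm> --machinereadable`; the sample input is constructed, and the key names are assumptions based on recent VirtualBox releases.

```python
import re

# Constructed sample in the key="value" form printed by
# `VBoxManage showvminfo <vm> --machinereadable`; not taken from a real VM.
# Key names are assumed from recent VirtualBox releases; check your version.
SAMPLE = '''name="xp-test-lab"
nic1="bridged"
nic2="none"
clipboard="bidirectional"
draganddrop="disabled"
SharedFolderNameMachineMapping1="transfer"
SharedFolderPathMachineMapping1="/home/user/transfer"
'''

def parse_vminfo(text):
    """Parse key="value" lines into a dict, stripping the quotes."""
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            info[key.strip().strip('"')] = value.strip().strip('"')
    return info

def audit_isolation(info):
    """Return (key, reason) pairs for settings that weaken host/guest isolation."""
    findings = []
    for key, value in sorted(info.items()):
        if key.startswith("SharedFolderNameMachineMapping"):
            findings.append((key, f"shared folder '{value}' gives the guest a host path"))
        elif key in ("clipboard", "draganddrop") and value != "disabled":
            findings.append((key, f"{key} is '{value}': data can cross the VM boundary"))
        elif re.fullmatch(r"nic\d+", key) and value == "bridged":
            findings.append((key, "bridged adapter puts the guest directly on the LAN"))
        elif re.fullmatch(r"nic\d+", key) and value == "hostonly":
            findings.append((key, "host-only adapter lets the guest reach the host"))
    # NAT is not flagged, but it still allows outbound traffic, so outbound
    # filtering on the NAT/firewall device remains a separate control.
    return findings

if __name__ == "__main__":
    for key, reason in audit_isolation(parse_vminfo(SAMPLE)):
        print(f"[!] {key}: {reason}")
```

An empty result only means none of these particular settings were found; it says nothing about escapes through the hypervisor itself.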

D-Dan

Thanks guys.

I'll start my quest later. For maximum security and protection of my live system, I've booted to Ubuntu and set up a VM running XP using VirtualBox there.

Whilst I do have a LAN, no other machines connected to it are turned off, and the virtual machine has no access to local drives. Since the host OS is Linux, with no Windows OS accessible to it, I should be safe.

And when testing is done, I'll simply delete the VMs.

Steve