A strange request


16 replies to this topic

#1 Chronosaurs

  • Members

Posted 14 August 2009 - 11:57 PM

Pardon me if this is in the wrong sub-forum but as far as I can tell it is the right one.

I have a strange request. Maybe it's been asked before, maybe not, but here it is:

Where are the best places to GET malware/virus/etc. infections? You see, I want to infect a machine that I have set up just for this and would really love some help with getting it just rife with filthy badware so that I can practice my restoration/cleaning skills. I am completely serious here and hope to be taken seriously about this.

Really, the reason I ask is that I've never encountered anything malicious on my own machines. Just ones friends bring over. The infrequency of their infections and the complete lack of any malware run-ins on my end has put me in this rather strange situation.

I hope some of you out there can seriously help me with this with hints, urls, WHATEVER it is to get this one machine completely toxic.

Thanks!

Edited by Chronosaurs, 14 August 2009 - 11:59 PM.




#2 Blade

  • Site Admin

Posted 15 August 2009 - 12:49 AM

Visit crack, keygen, or warez sites. Download stuff and run it.

It's against forum policy to provide "hot" links though as cloudy-headed readers might click on them and infect themselves :thumbsup:

Edited by Blade Zephon, 15 August 2009 - 12:51 AM.



#3 Orange Blossom

  • Moderator

Posted 15 August 2009 - 01:06 AM

Hello there,

I hope this is a machine that you don't mind turning into an expensive doorstop. It can happen. It is a risky business to deliberately get infections on your computer. Folks generally have machines designated specifically for that purpose.

Secondly, we won't provide direct links to malware. We don't want folks to click on that stuff and hose their machines.

That said, I believe if you did 5 and 8 in the list of "The Ten Most Dangerous Things Users Do Online," especially with your security programs turned off, you will find yourself infested with a bunch of malware in short order.

Orange Blossom :thumbsup:

#4 Chronosaurs

  • Topic Starter
  • Members

Posted 15 August 2009 - 05:17 PM

Thanks for the replies so far!

Some good info there Orange Blossom, thank you.

Unfortunately, as you can probably tell already, I'm privy to this and most other information like it, and so far it has garnered my soon-to-be-doorstop nothing of value toward any sort of entertainment. Should I be downloading the different varieties of clients from these mal-sites so as to get the ball rolling or what? Do people that come here for help and HJT logs sometimes mention HOW they got infected?

Again, ty for at least a couple of responses. I honestly thought I'd get run out for even asking such a thing.

p.s. Is it against policy to PM links to the places Blade Zephon mentioned? If it isn't then by all means PM me w/ the goods ppl! :thumbsup:

ALSO! Does anyone know if people w/ intentions such as mine congregate somewhere online? If so where?

Edited by Chronosaurs, 15 August 2009 - 05:19 PM.


#5 Blade

  • Site Admin

Posted 15 August 2009 - 10:18 PM

Do people that come here for help and HJT logs sometimes mention HOW they got infected?

Sometimes. . . have a read through some of the threads in the HijackThis and Am I Infected forums; you might find some useful tips.


I'm going to restate what I said earlier. . . as I can pretty much guarantee that this will get you infected.

Visit crack, keygen, or warez sites. Download stuff and run it.

If you need help finding these kinds of sites, Google "warez" or something similar. Then go to the site, look for executables to download, download them, and execute them. Then watch the chaos unfold.

~Blade



#6 Bambo

  • Members

Posted 17 August 2009 - 12:30 PM

Not sure what is allowed, but services like WOT http://www.mywot.com/ use publicly known sources for their blocking. They ask for them in their forums from time to time. Find a good one with an RSS feed. Subscribe in Google Reader or similar. Use a linkifier thingy for Firefox, perhaps also one that will let you open a link in a new tab just by right-clicking. Then you can test many types of malware in seconds :thumbsup: You can also just browse/search around WOT - each site has its own page, so go crazy.

Very educational and could give you a whole new perspective on certain products. Browser-filters (I wish you luck reaching 83% or what it was IE8 caught in that test, not going to happen!), OpenDNS, hosts-file, AV, WOT or whatever you use. If not new perspective you will at least be more critical of what you hear on the internet.

Those lists are often miles long, just keep scrolling in Google Reader. Well, go visit the site, see how they categorize them. Advantage to digging into warez, which is kind of illegal even if you don't intend to use incoming, is this is 100% certain to be bad but there are many dif. types of bad. If all you want is some action just go for those domains with words like scanner, virus, defender, protection - like they are related to security somehow. They often have fake scanners triggering a download in a flash. A certain popular type won't let you close the browser until you have downloaded - not unless you are quick, heh. Can't miss them. Or they look highly professional with fake icons claiming fame and gold medals - does not really harm the computer. A rogue program since its only purpose is to get your money. Some of them might harm the computer, make unwanted changes - there are many variants. Some sites like those with fake Flash updates actually are close to perfect copies of real ones.

You can test on your normal computer but then you really need to know what you are doing. 1 click can be 1 too many. So set up a VirtualBox or use another computer with no sharing/networking. I've done this testing many times on another computer but once I forgot I had also played with some sharing. Just that day I had to test a Sality/Y, someone sent it to me on request - was not fun since it spreads faster than you can blink and really messes up exe-files, also those shared! Can be removed but difficult and takes hours. You can get clickhappy testing because of the fun but not a good idea :flowers: Really a matter of luck or not if you don't take it very easy. As those sites with links will say, it is your own responsibility to proceed. Also why they never make it easy to just click - why I mentioned Firefox add-ons to fix that.

I've never seen a drive-by download that automatically infects a computer without user activity. If you want to see those then don't update OS, IE, anything in your VirtualBox. XP without SPs will do nicely. Don't think you will have much luck with updates in place - can be risky enough as it is. I'm more interested to see impact when all the right things have been done - or almost all the right things. Run as Adm., no clever security policies and turn off UAC on Vista to give infection a chance. A common setup anyway.

Edited by Bambo, 17 August 2009 - 01:28 PM.


#7 Bambo

  • Members

Posted 17 August 2009 - 02:11 PM

Forgot. If you think hmmm I better not you are missing out but ok. Go to this YouTube channel then http://www.youtube.com/user/mrizos I think he makes a living from removing malware yet he doesn't know much more than you and me so good entertainment. He tests AVs and more, much the same way as I suggested. He probably has a video of where he gets them from, I've not seen all. Well, not really tests but show-offs of how great or bad they are. He tests only a handful of infections on his non-updated XP - don't take it for more than it is, not his intentions either I think. There are many fan-boys with too much time and weird statements when it comes to security (for whatever reason). About what is best, what to use and all that - I expect video-comments and such to be going in that direction so don't get caught in that, just ignore.

Another thing I forgot is Virustotal http://www.virustotal.com/ If you wonder how other AVs deal with a download send it to them. Also very educational and confusing. If nothing else you learn that they are not all equal but also that it is hard to see a pattern - among the better ones. Like you should have all installed to have some sort of trust :thumbsup: Result of this check is not necessarily the same as if you execute file on hd but a good hint.

If you find something not detected by chosen AV then submit file if possible. Will be added to database in hours/days depending on how active they are.

Edited by Bambo, 17 August 2009 - 02:12 PM.


#8 Chronosaurs

  • Topic Starter
  • Members

Posted 18 August 2009 - 05:17 PM

Wow thanks for the replies everyone! Especially you Bambo! You seem to know where my head is at! :flowers:

Also thanks for all of the tips and suggestions, they will get put to good use! I agree with you Bambo that sometimes it seems like you need 50 different pieces of software to truly be "safe". Honestly I think it's a marketing gimmick - but what the hell do I know? I'm off to look at this dude's YouTube videos then, as you say, go clickhappy!

P.S. Thank you tons someone! you know who you are :trumpet: :thumbsup:

#9 Andrew

  • Moderator

Posted 18 August 2009 - 07:00 PM

Limewire. 'Nuff said.

#10 Bambo

  • Members

Posted 18 August 2009 - 11:16 PM

Limewire is too easy since problems are expected. Most knowingly take the risk or just don't care. Try Google ads :thumbsup: Many variations of threats, scams.

Posted Image


Edited by Bambo, 18 August 2009 - 11:16 PM.


#11 MrBoo

  • Members

Posted 20 August 2009 - 08:11 PM

Download SpywareBlaster, and look at its list of restricted sites. Visiting any of those sites will get you an infection really easily. There are tons of sites in that list also, so have fun.

http://www.javacoolsoftware.com/spywareblaster.html

#12 Bambo

  • Members

Posted 20 August 2009 - 09:03 PM

I wanted a more direct source so found this

Offensive Computing, LLC was formed by Danny Quist and others as a resource for the computer security community. The primary emphasis here is on malware collections and analysis for the purpose of improving people's abilities to defend their networks. There is a noticeable lack of public sources of malware and malware analysis available. Those that were available were either for sale or limited to a small number of users. We provide resources such as live copies of malicious software, md5sums to search on and analysis of the malware to the general public. Offensive Computing currently has the largest publicly available malware collection on the Internet.

Sign up for full effect. Has a rather active forum where you can request samples. Sites like these probably also have members with strange interests. I'm not sure all are malware forensics... Thin line between good and bad perhaps. Personally I would only trust old members there. Does not matter, is only a source for infection not contact - advantage is you can test more accurately instead of random clicking links and hope something happens, search "Facebook" "Windows mobile" or whatever is of interest. An example from forum:

Bored and wanting new viruses

I like to find a few viruses to play with on a VMWare. There are a few things I'm looking for... they don't all have to happen in the same virus and if your opinion of the "best" at something doesn't meet others I don't mind... just looking for suggestions.

1- A virus that opens a ton of outgoing connections essentially making the network connection unusable. I want to test a tool from sysinternals that checks connections from the computer to see how it does.
2- A virus that is polymorphic. I just want to see how it changes over time by monitoring.
3- The most aggressive rogueware as far as hosing the system. Just a ton of popups, blocking you from task manager/removal tools, turning off any security installed, or just messing up everything making it really hard to remove. It's VMWare so worst case scenario I can't remove it and just restart the VMWare. I secretly want a copy of System Security 2009 but can't find it online, the db here, or searching posts :flowers:
4- The most aggressive downloader that just loads the computer with other things.

Thanks in advance for any suggestions. It doesn't even have to be links... just names. :thumbsup:

Typical reply will be links to Rapidshare, Mediafire.

Edited by Bambo, 20 August 2009 - 09:32 PM.


#13 Heafy

  • Members

Posted 21 August 2009 - 06:51 AM

Ok... not sure why you want to do that, but I think you might want to test this out. Google 'eicar'; its website is .org. Download any of the files; your anti-virus should detect one of them. For getting a virus... download stuff from fake rapidshares and stuff.

#14 Andrew

  • Moderator

Posted 21 August 2009 - 12:06 PM

Ok... not sure why you want to do that, but I think you might want to test this out. Google 'eicar'; its website is .org. Download any of the files; your anti-virus should detect one of them. For getting a virus... download stuff from fake rapidshares and stuff.

eicar is only a test string contained in a file, not an actual piece of malware.

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

:thumbsup:
It would be interesting to know whether rogue antimalware programs like Antivirus 2009 properly detect the test file! :flowers:
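The point that EICAR is a test string rather than malware can be made concrete. This added example (not part of the original post) applies EICAR's published conformance rule: a scanner is only expected to flag a file that starts with the 68-byte string, optionally followed by space, tab, LF, CR or Ctrl-Z, with a total length of at most 128 bytes. The function name and the sample inputs are constructed for illustration.

```python
# The 68-byte test string quoted in the post above, assembled from two halves
# so that this script is not itself flagged by a scanner.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

ALLOWED_TRAILING = b" \t\n\r\x1a"   # space, tab, LF, CR, Ctrl-Z
MAX_LEN = 128                       # maximum total file length in bytes

def classify(data: bytes) -> str:
    """Say how a byte string relates to the EICAR test-file definition.

    conforming    - starts with the string, only allowed padding, <= 128 bytes;
                    a scanner that supports EICAR should flag it
    nonconforming - starts with the string but has other trailing data or is
                    too long; detection is not guaranteed
    embedded      - the string appears later in the data; scanners commonly
                    ignore this, which is why a page quoting the string is
                    not quarantined
    absent        - the string does not occur
    """
    if data.startswith(EICAR):
        tail = data[len(EICAR):]
        if len(data) <= MAX_LEN and all(b in ALLOWED_TRAILING for b in tail):
            return "conforming"
        return "nonconforming"
    if EICAR in data:
        return "embedded"
    return "absent"

if __name__ == "__main__":
    samples = {
        "exact string": EICAR,
        "with CRLF": EICAR + b"\r\n",
        "trailing junk": EICAR + b"extra",
        "quoted in text": b"the test string is " + EICAR,
    }
    for name, data in samples.items():
        print(f"{name:15} -> {classify(data)}")
```

A scanner that misses a "conforming" file is not scanning that path or file type at all, which is what the test file exists to reveal.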

#15 Bambo

  • Members

Posted 21 August 2009 - 12:43 PM

Damn, MSE is good - Eicar no longer a test-virus but a severe threat, and it replicates! :thumbsup:

Posted Image


Edited by Bambo, 21 August 2009 - 12:43 PM.




