Results 1 to 9 of 9

Thread: Spyware Website for testing purpose

  1. #1
    Junior Member
    Join Date
    May 2004

    Talking Spyware Website for testing purpose

    Anyone know of a good website that will infect my computer with spyware? The browser settings at my work are not secure, Active X is enabled and I'm constantly cleaning up users pcs. The senior sys admins at work are lazy and their attitude is that this is just something you get while surfing the web. I want to have a demo to show some of the senior management at work that this is a serious problem.


  2. #2
    Senior Member
    Join Date
    Jun 2004
    you could go to the actual xupiter and the new.net site and install their stuff, and then also install kazaa, and overnet making sure you install all of their spyware. then you can go to astalavista.box.sk and to to download a crack and install whatever porn spyware that is offered through the cracks.am site.

    finally, one thing that is a MUST is hotbar because that will go out and get some more spyware
    [gloworange]find / -name \"*your_base*\" -exec chown us:us {} \\;[/gloworange] [glowpurple]Trust No One[/glowpurple][shadow] Use Hardened Gentoo [/shadow]

  3. #3
    Senior Member
    Join Date
    Apr 2004
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  4. #4
    Senior Member
    Join Date
    Aug 2003
    Wow...bad idea? If I knew you were intentionally doing that to my network, you would no longer be an employee...I could be wrong, but intentionally causing a problem that leads to loss of revenue (somebody is going to have to fix it, right) is sabotage??

    Wouldn't it be better to put together a little presentation that will show your bosses how much money they could lose per infection? From my experience, cleaning up a normal infestation of Spyware takes 2-3 hours. For argument, let's say 3 on average to cover the bad cases. 3 hours the computer is down. 3 hours for someone to fix it. 3 hours that you can't conduct business on your computer. Depending on how heavily you use your computers, and what they are used for..

    So if I have to outsource to fix the computer at $75 per hour (emergency service), plus I can make $75 per hour with a working system, plus my pay, say $15 per hour...so roughly $500?? As Catch pointed out very effectively, talk in dollars, not vulnerabilities. It worked for me anyway..

    What you want to do is no different than saying you want to introduce a virus into the system just to prove the AV software is crap... bad idea.

  5. #5
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Groov: I gotta guess he's going to use a labrat not one of the production boxes, even if the labrat is his own box since he implies that he is a net admin by the way he talks about the senior ones rather than just the IT staff.

    Jeff: If I'm wrong in my statement to Groovicus don't be silly.... You'd be punted from my network too.... and you don't want to be punted by me......

    If you really want to prove your point buy a cheap HD, put it in one of the computers and install the base operating system on it, (disconnect the production drive so you don't mess it up). Do not patch it or connect this box to the internet after the OS installation. D/L Spybot Search and Destroy, AdAware and The Cleaner to CD on a different box and install them. Set the start page to blank so it doesn't visit the net and open all three programs and update the definitions. Disconnect from the internet and run all three. Save the results to file or print them. This will show a clean machine. Set the box up in the lunch room and tell everyone it's free to use.... The only rule is that they can't check personal email unless you can have this box connected in the DMZ of the firewall, (you don't want viruses messing with the production network). Let them all use it for a week. Then disconnect it and rerun the three apps saving the output again. Don't update the three apps for the second scan..... You need to keep the test parameters the same.

    Now you have the before and after of the state of the machine after a single week. List the new "issues" and explain their danger/risk or how they affect productivity. This shows them the potential for harm or cost.

    Then time, to the second how long it takes to clean this machine. Let's say all three programs take 54 minutes to run and clean/quarantine all the problems. Multiply this by 12. That's 648 minutes per year to clean a machine every month and remove the threat/productivity drain. Multiply that by the number of workstations, let's say 40.... That's 25,920 minutes per year or 432 hours.... Now take your salary and multiply your hourly rate by 423, (let's say $20/hour), giving $8640 a year to clean computers that could be protected and cost 20 hours a year to clean... that's a savings of $8240 every year after you spend the time protecting the computers as best you can. It pretty much pays for itself in the first year doesn't it? Bear in mind this assumes that all three apps can clean the issues on the first pass..... many require a reboot and rescan to fix them thus extending the time by as much as a third or more. The base calculation in the circumstance quoted works out to 1/5th of an FTE, (Full Time Employee), per year. That should get some attention from your leadership....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  6. #6
    Senior Member
    Join Date
    Aug 2003
    Yeah, what he said

    and you don't want to be punted by me......
    Tiger's got the "Big Hand"

  7. #7
    Senior Member
    Join Date
    Nov 2001
    you could always run a controlled test. install spybot on a couple of machines and and let the rest be. if it shows them the benifits of having it, your company can buy it for all the machines. if not uninstall it.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  8. #8
    Senior Member
    Join Date
    May 2003
    Tiger Shark, I like your ideas.... Thanks...

  9. #9
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    New Jersey
    Set the box up in the lunch room and tell everyone it's free to use
    Tiger, you make quite an excellent point just in that statement alone. Specific websites loaded with spyware (like VTJeff was asking for) can be delt with fairly easily and the senior admins could just blow it off..."yeah yeah, we can just block that website then..." but random everyday surfing habits from a multitude of people who could give a rats ass about security issues is by far, the epitome of network testing and the best way to show the big bosses what their network is subjected to on a daily basis.

    This isn't an office, it's hell with flourecent lighting
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts