-
June 16th, 2005, 07:29 PM
#1
where can you get viruses?
we plan to set up virtual OS environments using VMWARE and infect the virtual OS with viruses & malware. we are going to make instructional videos from the VM's for users to show them the damage potential if they don't apply common sense and due care.
where can we go to get viruses?
p.s. this is going to work, right? i assume if you launch malicious code within a VMWARE session - it can't escape the VM.
-
June 16th, 2005, 07:39 PM
#2
this is going to work, right? i assume if you launch malicious code within a VMWARE session - it can't escape the VM.
If I am not mistaken as long as the virus is on the hard drive of the computer it will be unbiased as to where it spreads. My suggestion for things like this is to set up a few boxes (depending on how many you need), create images of how they are, infect them all you want, then just reimage them when you are done just to be safe.
where can we go to get viruses?
you have several options. you can go hunting for them and jump on kazaa or some other p2p program and download random files that look suspicious, maybe a search for "*.mp3.exe" or something. You can create an unpatched windows box and toss it on the open net and go surfing to random not so legit webpages and I'm sure you will pick up some good stuff. You can contact other organizations that do this type of research and they probably have some disks with "controlled" viruses on them.
-
June 16th, 2005, 07:51 PM
#3
Re: where can you get viruses?
Originally posted here by rowdy_yates
where can we go to get viruses?
Hang around the doctor's office, and get people to breathe on you.
Above ground, vertical, and exchanging gasses.
Now you see me | Now you don't
"Relax, Bender; It was just a dream. There's no such thing as two." ~ Fry
sometimes my computer goes down on me
-
June 16th, 2005, 08:28 PM
#4
p2p networks are a good place. If you do use something like kazaa lite, make sure to remove the filters. They have put a lot of double extensions into the search filters to help try to thwart the spread of viruses on the p2p networks.
There are plenty of sites out there that have viruses archived.
You can even find the source code to several.
Surf some "shady sites" with an unpatched Internet Explorer.
Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
-
June 16th, 2005, 08:38 PM
#5
-
June 16th, 2005, 09:19 PM
#6
I don't want to sound rude, but is this really a good idea? Are you sure this is safe?
Not the process itself...don't get me wrong rowdy but if you have to ask where to get the viruses, it reduces my confidence in your abilities to properly manage this hostile environment you've described.
How do you plan to infect the virtual systems, and not the host itself? How are you going to keep the virtual systems from infecting other devices on your network? How are you going to ensure the video data of these activities is not infected when transferred for production and preparation for use in training?
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
-
June 16th, 2005, 09:23 PM
#7
Member
XTC46 is right:
If I am not mistaken as long as the virus is on the hard drive of the computer it will be unbiased as to where it spreads.
The way VMWare works is it bridges the components of the host to include networking to make it a virtual machine.
to SYN, or not to SYN. That is the question. -Shakespeare?
-
June 16th, 2005, 09:34 PM
#8
Member
VX Heaven (http://vx.netlux.org/) is a place I used to visit back when I used to look for things to play with and read 29a Labs zine issues. They keep a decent archive of malware (mostly non-spyware/adware) pieces around. For spyware and adware, I usually just look for lists of software that contain pieces that I'd be interested in and hunt down the programs that contain the unwelcomed guests.
Hope this helps and be safe.
-
June 16th, 2005, 09:36 PM
#9
p.s. this is going to work, right? i assume if you launch malicious code within a VMWARE session - it can't escape the VM.
Just reading this makes me think of the guy who asks if it will hurt if he shoots himself in the foot.
Now, the real answer is, "it depends". The payload of the virus dictates the action. If you're talking worms and malware, these guys are going to use networking to spread so get ready to explain to your CEO why there was a mass outbreak within your organization.
FREE SAFETY TIP:
Get an isolated lab environment.
Use samples of worms/viruses/malcode that have a *known* payload. This way you can watch it using a sniffer, etc.
That said, here is a free online library of virus/worm/malware samples:
http://vx.netlux.org/
BE CAREFUL.
<EDIT> Optiq hit POST just before I did. He beat me to the punch on the VX Heaven site.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
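An added example, not part of any post in this thread: a check of a VMware `.vmx` file for settings that link the guest to the host or its network, which is the isolation concern raised in posts #6, #7 and #9. The key names (`ethernetN.present`, `ethernetN.connectionType`, `sharedFolderN.present`, `isolation.tools.*.disable`) are those commonly seen in `.vmx` files and are treated as assumptions here; the sample configuration is constructed.

```python
import re

# Constructed sample .vmx content (not taken from the thread).
SAMPLE_VMX = '''
displayName = "awareness-demo"
ethernet0.present = "TRUE"
ethernet0.connectionType = "bridged"
ethernet1.present = "TRUE"
ethernet1.connectionType = "hostonly"
sharedFolder0.present = "TRUE"
isolation.tools.copy.disable = "TRUE"
isolation.tools.dnd.disable = "FALSE"
'''

LINE = re.compile(r'^\s*([^#=\s]+)\s*=\s*"(.*)"\s*$')


def parse_vmx(text):
    """Return {lowercased key: value} for every key = "value" line."""
    cfg = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg


def audit_vmx(text):
    """List the settings that connect this guest to the host or the network."""
    cfg = parse_vmx(text)
    findings = []
    for key in sorted(cfg):
        dev, _, attr = key.partition(".")
        if attr != "present" or cfg[key].upper() != "TRUE":
            continue
        if dev.startswith("ethernet"):
            # Assumption: an adapter with no connectionType is bridged.
            mode = cfg.get(dev + ".connectiontype", "bridged").lower()
            findings.append(f"{dev}: virtual NIC attached ({mode})")
        elif dev.startswith("sharedfolder"):
            findings.append(f"{dev}: host folder shared into guest")
    # Conservative assumption: a channel counts as open unless explicitly disabled.
    for op in ("copy", "paste", "dnd"):
        if cfg.get(f"isolation.tools.{op}.disable", "FALSE").upper() != "TRUE":
            findings.append(f"isolation.tools.{op}: guest/host {op} not disabled")
    return findings


if __name__ == "__main__":
    for finding in audit_vmx(SAMPLE_VMX):
        print("FINDING", finding)
```

An empty result means none of the checked channels is open in the configuration file; it says nothing about the physical host's own network connection.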
-
June 16th, 2005, 10:14 PM
#10
good stuff. thanks to all.
we are losing the battle of user awareness. so we thought we would try a more "spectacular" awareness program approach. show them how destructive things can get but contain it in a controlled environment.
am aware of kazaa etc. thought i would try you guys to see if you might have some better places.
most probably am going to do this on a machine that isn't connected to ethernet.
i just really like the idea of creating an avi file from the VM as the virus does damage. sort of showing a before and after picture. will need to hunt for a "spectacular" virus whose damage payload on the file system looks impressive on screen.
cheers.
:-)