Purposely infecting a VM

  1. #1
    Junior Member
    Join Date
    Mar 2009
    Posts
    4

    Purposely infecting a VM

    Hey guys, first post on this acct. Used to be active, even had a good number of AP, but alas, I cannot remember the login I used to use =P

    Anyways, I am looking for some sites where I can purposely download malware, stuff like Vundo and Antivirus360. I have a virtual machine I'm setting up so I can infect it and use Sysinternals PE and Procmon to figure out what exactly gets modified and best practices for removing it without having to find a Windows repair disk.

    Sometimes malwarebytes just isn't enough. Thanks in advance.

  2. #2
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188
    Heh. I was doing this same thing last night. I went to crack sites, free downloads etc. Couldn't get the darn thing infected. I actually named the VM 'Infect-Me!'. I don't understand how my mother-in-law can get AV2009 once a month, and I can't get it when I am trying.
    "Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."

    -HST

  3. #3
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,191
    AT YOUR OWN RISK

    This might be a good place to start, but it is a Cult of the Dead Cow affiliate site so be careful.

    I think the password is infected.

    http://www.offensivecomputing.net/
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  4. #4
    Junior Member
    Join Date
    Mar 2009
    Posts
    4
    Cool, thanks nihil. That should do just fine. If all else fails, I'll just visit anything .ru

  5. #5
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,191
    There are some links down the left hand side of the main page of the offensive computing site that might also be of interest.

    The problem with just cruising dodgy sites in the hope of getting infected is that you never know exactly what it is you have got, and what the quality is.

    If you are just starting out it is a lot easier if you have the source as well as the executable. Disassembling badly written code can be rather confusing unless you are very good, which I am afraid I am not.

    EDIT:

    If you fancy playing with rootkits, try here:

    http://www.rootkit.com/
    Last edited by nihil; March 3rd, 2009 at 11:15 PM.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  6. #6
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    There are quite a few places you can look...

    While this may not help with infecting your VM, there's some interesting stuff at the virus source code database (http://vscdb.totallygeek.com/).

    It is also possible to pay to get access to Jotti.org (or at least had been in the past).

    You could also run nepenthes. That would give you plenty of real world examples.

    I need to update my nepenthes install (it doesn't yet have the MS08-067 plugin) but there are a few interesting things that float by it daily.

    [2009-03-01T04:35:05] 60.166.XXX.XX -> <nepenthes> http://60.166.XXX.XX:XXXX/x.exe 7f60162c2c0bd2cc7531e51328e98290 just showed up yesterday.

    There's an analysis here from an automated submission of it -- http://nepenthes.carnivore.it/analys...31e51328e98290

    PM if you want access (the remainder of the URL or a separate download link).
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
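As an added example (not code from the thread or from the nepenthes project), a small Python triage script for honeypot download records in the shape of the line quoted in the post above: it parses the records, groups them by payload hash and reports how many distinct samples actually arrived. The field layout is assumed from that single quoted line, and the sample log below is constructed.

```python
import re
from collections import defaultdict
from typing import Optional

# Constructed sample lines in the shape of the record quoted in the post:
# [timestamp] source -> <nepenthes> download-URL md5-of-payload
# The masked IPs and the second hash are placeholders; the first hash is the
# one quoted in the thread. Hypothetical data assembled for this example.
SAMPLE_LOG = """\
[2009-03-01T04:35:05] 60.166.XXX.XX -> <nepenthes> http://60.166.XXX.XX:XXXX/x.exe 7f60162c2c0bd2cc7531e51328e98290
[2009-03-01T06:12:40] 10.0.0.7 -> <nepenthes> http://10.0.0.7:8080/x.exe 7f60162c2c0bd2cc7531e51328e98290
[2009-03-01T09:01:13] 192.0.2.44 -> <nepenthes> tftp://192.0.2.44/ssms.exe 0123456789abcdef0123456789abcdef
[2009-03-01T09:01:14] 192.0.2.44 -> <nepenthes> dialogue started, no payload yet
"""

# One download record per line; anything that does not match is skipped
# rather than guessed at, so a malformed line cannot poison the summary.
RECORD = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+(?P<src>\S+)\s+->\s+<nepenthes>\s+"
    r"(?P<url>\S+://\S+)\s+(?P<md5>[0-9a-fA-F]{32})\s*$"
)


def parse_line(line: str) -> Optional[dict]:
    """Return the fields of a download record, or None for any other line."""
    m = RECORD.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["md5"] = rec["md5"].lower()  # normalise case so one sample is not split in two
    return rec


def summarize(log_text: str) -> dict:
    """Group downloads by payload hash: how often, from where, first seen.

    The same binary is usually pushed from many hosts and URLs; grouping by
    hash tells the analyst how many distinct samples really showed up.
    """
    by_hash: dict = defaultdict(
        lambda: {"count": 0, "first_seen": None, "urls": set(), "sources": set()}
    )
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        entry = by_hash[rec["md5"]]
        entry["count"] += 1
        entry["first_seen"] = entry["first_seen"] or rec["ts"]  # log is chronological
        entry["urls"].add(rec["url"])
        entry["sources"].add(rec["src"])
    return dict(by_hash)


if __name__ == "__main__":
    for md5, info in summarize(SAMPLE_LOG).items():
        print(f"{md5}  seen {info['count']}x  first {info['first_seen']}  from {len(info['sources'])} host(s)")
```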

  7. #7
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188
    I managed to get AV360. I searched for XP Keygen, and clicked ahead to page 9 or so, one of the first pages I clicked on told me that I was infected and needed to install a 'viruses scan program'.

    Thanks for the links, that should provide some more specific infections...
    "Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."

    -HST
