Spyware Website for testing purpose

[VTJeff99]

Anyone know of a good website that will infect my computer with spyware? The browser settings at my work are not secure, Active X is enabled and I'm constantly cleaning up users pcs. The senior sys admins at work are lazy and their attitude is that this is just something you get while surfing the web. I want to have a demo to show some of the senior management at work that this is a serious problem.

Thanks,

[djscribble]

you could go to the actual xupiter and the new.net site and install their stuff, and then also install kazaa, and overnet making sure you install all of their spyware. then you can go to astalavista.box.sk and to to download a crack and install whatever porn spyware that is offered through the cracks.am site.

finally, one thing that is a MUST is hotbar because that will go out and get some more spyware

[cacosapo]

try at www.malware.com.

[groovicus]

Wow...bad idea? If I knew you were intentionally doing that to my network, you would no longer be an employee...I could be wrong, but intentionally causing a problem that leads to loss of revenue (somebody is going to have to fix it, right) is sabotage??

Wouldn't it be better to put together a little presentation that will show your bosses how much money they could lose per infection? From my experience, cleaning up a normal infestation of Spyware takes 2-3 hours. For argument, let's say 3 on average to cover the bad cases. 3 hours the computer is down. 3 hours for someone to fix it. 3 hours that you can't conduct business on your computer. Depending on how heavily you use your computers, and what they are used for..

So if I have to outsource to fix the computer at $75 per hour (emergency service), plus I can make $75 per hour with a working system, plus my pay, say $15 per hour...so roughly $500?? As Catch pointed out very effectively, talk in dollars, not vulnerabilities. It worked for me anyway..

What you want to do is no different than saying you want to introduce a virus into the system just to prove the AV software is crap... bad idea.

[Tiger Shark]

Groov: I gotta guess he's going to use a labrat not one of the production boxes, even if the labrat is his own box since he implies that he is a net admin by the way he talks about the senior ones rather than just the IT staff.

Jeff: If I'm wrong in my statement to Groovicus don't be silly.... You'd be punted from my network too.... and you don't want to be punted by me......

If you really want to prove your point buy a cheap HD, put it in one of the computers and install the base operating system on it, (disconnect the production drive so you don't mess it up). Do not patch it or connect this box to the internet after the OS installation. D/L Spybot Search and Destroy, AdAware and The Cleaner to CD on a different box and install them. Set the start page to blank so it doesn't visit the net and open all three programs and update the definitions. Disconnect from the internet and run all three. Save the results to file or print them. This will show a clean machine. Set the box up in the lunch room and tell everyone it's free to use.... The only rule is that they can't check personal email unless you can have this box connected in the DMZ of the firewall, (you don't want viruses messing with the production network). Let them all use it for a week. Then disconnect it and rerun the three apps saving the output again. Don't update the three apps for the second scan..... You need to keep the test parameters the same.

Now you have the before and after of the state of the machine after a single week. List the new "issues" and explain their danger/risk or how they affect productivity. This shows them the potential for harm or cost.

Then time, to the second how long it takes to clean this machine. Let's say all three programs take 54 minutes to run and clean/quarantine all the problems. Multiply this by 12. That's 648 minutes per year to clean a machine every month and remove the threat/productivity drain. Multiply that by the number of workstations, let's say 40.... That's 25,920 minutes per year or 432 hours.... Now take your salary and multiply your hourly rate by 423, (let's say $20/hour), giving $8640 a year to clean computers that could be protected and cost 20 hours a year to clean... that's a savings of $8240 every year after you spend the time protecting the computers as best you can. It pretty much pays for itself in the first year doesn't it? Bear in mind this assumes that all three apps can clean the issues on the first pass..... many require a reboot and rescan to fix them thus extending the time by as much as a third or more. The base calculation in the circumstance quoted works out to 1/5th of an FTE, (Full Time Employee), per year. That should get some attention from your leadership....

[groovicus]

Yeah, what he said

and you don't want to be punted by me......

Tiger's got the "Big Hand"

[Tedob1]

you could always run a controlled test. install spybot on a couple of machines and and let the rest be. if it shows them the benifits of having it, your company can buy it for all the machines. if not uninstall it.

[JohnHACK]

Tiger Shark, I like your ideas.... Thanks...

[ShagDevil]

Set the box up in the lunch room and tell everyone it's free to use

Tiger, you make quite an excellent point just in that statement alone. Specific websites loaded with spyware (like VTJeff was asking for) can be delt with fairly easily and the senior admins could just blow it off..."yeah yeah, we can just block that website then..." but random everyday surfing habits from a multitude of people who could give a rats ass about security issues is by far, the epitome of network testing and the best way to show the big bosses what their network is subjected to on a daily basis.

This isn't an office, it's hell with flourecent lighting