kishfellow's blog
Rootkit.Win32.Agent.akga - AKGA rootkit
Submitted by kishfellow on Fri, 2010-03-05 18:54. Malware
A friend of mine was infected with this Rootkit, I thank him for contributing the sample.
He saved the sys file from a backup, and uploaded it for us at Rapidshare.
http://rapidshare.com/files/359540439/xeortd.rar
A thread discussing behavioral details, and removal instructions for the rootkit
Courtesy of Spybot S&D - http://forums.spybot.info/showthread.php?&t=55711
I tried viewing the SYS file with Wordpad (not a disassembler) and found APIs like IoDeleteDevice and APIs which are hidden.
Facebook Phisher
Submitted by kishfellow on Wed, 2009-07-15 07:06. Exploits | Malware
Facebook phisher - Check it out while it's hot!
RAR Archive Password: "infected" (without quotes)
Cheers :)
Kish
Firepack toolkit - Source code
Submitted by kishfellow on Fri, 2009-06-05 19:04. Exploits | Malware
Source code of an exploit pack - Firepack
RAR Archive Password: "infected" (without quotes)
P.S: Don't know if this has been posted earlier ... ;)
Cheers :)
Kish
MyDoom & Beagle Worms - Source code
Submitted by kishfellow on Fri, 2008-11-07 09:33. Exploits | Malware
Source code of a couple of worms that gave people a good run for their money
RAR Archive Password: "infected" (without quotes)
P.S: Don't know if this has been posted earlier ... ;)
Cheers :)
Kish
Realmbot - Source code
Submitted by kishfellow on Thu, 2008-11-06 09:29. Exploits | Malware
Found this bot's source code lying in my drive, this is from 2006.
P.S: I am still alive... up and running ...
Cheers :)
Kish
Injecto - Source code
Submitted by kishfellow on Sat, 2008-06-28 07:32. Malware
Found this Injecto source to be lying on my hard disk, thought I'll post it here ...
Cheers :)
Kish
Cabir (Caribe.a) - Source code
Submitted by kishfellow on Thu, 2008-06-26 11:31. Exploits | Malware
Hi people, after a long time, one decent post perhaps ;)
This worm is mobile malware, also known by the alias of the infamous Cabir.a.
The author originally named it Caribe.a, and this worm looks like some C/C++ code.
Ref: http://www.viruslist.com/en/viruslist.html?id=1689517
The source code as usual, is uploaded for you ;)
Cheers :)
Kish
pBot - PHP Remote File Include Bug - Web based / PHP bot
Submitted by kishfellow on Mon, 2008-03-10 00:40. Exploits | Malware
Speaking about PHP RFI vulns, this is a classic example.
This is a web-based bot that uses PHP as its base, and is similar to the BlackEnergy DDoS bot in terms of operating out of the web.
OC Download pBot Source code (rename extension to .rar)
Here's the Rapidshare Mirror
Cheers :)
Kish
Possible Terrorist Website ?
Submitted by kishfellow on Tue, 2008-02-05 21:53. Exploits
Just found this blog, and I have a strong intuition that it belongs to a terrorist group (mujahideen / taliban / al-qaeda) ??
Check it out if you're just as curious
Few more sites found ...
http://naseeha.wordpress.com/
http://moderatesrefuted.wordpress.com/
http://truthline.wordpress.com/
http://alkarnee.wordpress.com/
and a terrorist magazine: http://202.75.33.137/uploads/teaqny_magazine1.zip
Update: Will try to add random terrorist encryption tools download if I get my hands on them in a while ...
Cheers :)
Kish
An idea that never materialized
Submitted by kishfellow on Wed, 2008-01-30 22:52.
Warning: This happens to be an OFF Topic Post, sort of a rant.
It's too bad that we didn't see the potential to develop something similar here in Offensive Computing, even upon a bare idea and some small support from one guy who said it's a nice idea to have a standard for testing AVs.
Today this is here on ...
http://www.securityfocus.com/news/11502
Just felt like, aww, that's something I thought of, and it never materialized ;)
Cheers :)
Kish
