
Anti-malware research (infection and detection)


I have undertaken a tertiary course that requires me to infect my computer with myriad malware signatures (at least 10), and then test multiple anti-malware products (4-5 products).

My main question is: How can I get my hands on multiple signatures, and what's the easiest way to infect said computer? (I'll be using VMWare to try and isolate the infections)

Additionally, if anyone could give me suggestions about the following, I would be most appreciative:
1. What malware is recommended? I'm after a variety of malware types (worms, trojans, viruses, spyware, etc.)
2. What are some (non-commercial) products that people would recommend? I'm planning to test MalwareBytes, but which others are the most interesting?
3. Is VMWare Workstation sufficient for what I'm doing?
4. What are some informative ways to test/document the effectiveness of anti-malware software? The number of detected samples, success rate of removal, speed and efficiency. Any others?

Many thanks in advance.
Smudge

You are taking a course,

You are taking a course, but you were not provided samples, nor shown how to obtain malware? That doesn't sound like a very good class.

I created a .zip for you and uploaded it (link below) that will have 10 samples of malware; however, if that isn't enough you should head over to www.malwaredomainlist.com and view their extensive list of malicious URLs. You can infect yourself all day long.
http://www.malwaredomainlist.com/mdl.php?inactive=&sort=Date&search=&colsearch=All&ascordesc=DESC&quantity=100&page=0

VM is OK, however, you should be aware that there are many VM-aware spies that will not function if you are using a VM. Also, there are multiple exploits for VM which allow malicious programs (that are run on the VM) to jump over to the host computer and infect that box too. So beware. It would be best if you were running unpatched XP on a Linux host.

Yes, Workstation is fine. A real box with Ghost images created would be best.

Regarding your last question... Using KNOWN malware to test against AV products is not really a valid means of testing. Many vendors can receive samples or create checks with old malware. The real effectiveness test is to determine how the vendor does against unknown and new malware.

Here are some samples for you. All of these are several months old and are probably detected by most vendors.

http://www.offensivecomputing.net/?q=ocsearch&ocq=c7f9bcd7ea1f22908af908a58c4122eb

Thanks!

Great, thanks adam1mc. Very helpful!

The reason for using known malware is because one of the things I'm testing is the awareness of existing threats (not so much the adaptation to new threats).

The reason for using VMWare is because my spare computer just recently bit the dust, and I don't have time (or money) to put together another one.

This is a research unit, which is why I wasn't provided with samples or instructions. Plus, the unit's organization is terrible, as I've already had 2 arranged meetings where my supervisor failed to show up. It's a pain in the neck, but it's what I've got to live with.

Still looking for recommendations on specific antimalware products to test (if anyone would care to name some).

Again, thanks for the help (and samples) adam.

Antimalware Products

A-squared, ClamWin, and Prevx are a few to name.

Sample Zip

I downloaded the sample ZIP you provided, but instead of a sample of 10 malware programs it was a single .exe. Am I missing something?