This is Loai Melhim, a network security researcher at the National Advanced IPv6 Center (http://www.nav6.org). I am interested in botnet research and I am doing some research about botnet detection, and I urgently need botnet traffic traces to validate my framework. I am wondering if you can help in this regard.
Need help to simulate malware attack for SCADA system:
I need some samples of malware which is used to simulate malware on our TestBed.
My project is about SCADA Security.
SCADA systems security is different from normal IT systems security.
Hence, please provide some malware samples for SCADA systems in a Linux environment.
Looking for samples for the newest variant of the SysInternals Antivirus rogue, Milestone Antivirus. Also need new variant of Spyware protection (Malware protection).
I'm working on testing commercial Windows A/V products. I have a fair corpus of malware samples to run through the A/V systems, but I'm having a hard time locating any driver rootkits. Kernel-mode rootkits, NDIS filter mode drivers, even user-mode drivers. Does anyone have examples lying around that were found in the wild?
Hello, I'm looking for a particular sample of:
a) Mebroot sample = Trojan family
b) MD5 0a211ac6b398f49f8ce982bb0b07bd4a (if you have other samples, please attach them also)
c) It modifies the Master Boot Record (MBR). It uses sophisticated rootkit techniques to hide its presence and opens a back door that allows a remote attacker control over the compromised computer.
Screenshots must be the full picture, not blurred or watermarked. Samples must be ZIPPED and labeled "name".arc, with password infected. WILL BE THANKFUL TO ANYONE WHO GIVES SAMPLES TO ME AND George, since he also wants it.
I've been looking for the Virus Heat sample, and I can't find it anywhere. Does anyone know where I can find it or does anyone have a sample of it? An upload would be greatly appreciated. Thank you.
Does anyone have a sample of Nortel Antivirus (Rogue)? Need it for research and testing.
Alright guys, I ran across this while on
All of it is bound malware as far as I have seen, and I am going to give a bound as well as an unbound .exe for you guys.
There you go. It is a bound as well as an unbound copy. Unbound is in the folder and bound is the vent install file when you first open it.
*I'm going to try to get a rogue AV file on this board as soon as I can, enjoy analyzing.
PEiD report on install.exe:
In the two years since the Win32/Olmarik family of malware programs (also known as TDSS, TDL and Alureon) started to evolve, its authors have implemented a notably sophisticated mechanism for bypassing various protective measures and security mechanisms embedded into the operating system. Read more here: Reverse Engineering Malware.
The fourth version of the TDL rootkit family (TDL4) is the first reliable and widely spread bootkit to target x64 operating systems (Windows Vista and Windows 7). Since TDL4 started to spread actively in August 2010, several versions of the malware have been released. By comparison with its predecessors, TDL4 is not just characterized by modification of existing code, but to all intents and purposes can be regarded as new malware. Among the many changes that have been applied as it developed, the most radical were those made to its mechanisms for self-embedding into the system and surviving reboot. One of the most striking features of TDL4 is its ability to load its kernel-mode driver on systems with an enforced kernel-mode code signing policy (64-bit versions of Microsoft Windows Vista and Windows 7) and perform kernel-mode hooks with kernel-mode patch protection policy enabled. This makes TDL4 a powerful weapon in the hands of cybercriminals. In this article, we consider the PPI (Pay Per Install) distribution model used by both TDL3 and TDL4, and the initial installation.
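The Mebroot request above and the TDL4 write-up both describe the same defender-relevant behaviour: the malware rewrites the Master Boot Record so that its own code runs before the operating system, and then hides that change from the running system. The following is an added example, written for this thread and not taken from any of the posts or from the ESET article, showing the integrity check a defender would run against an MBR: parse the 512-byte sector (446 bytes of boot code, four 16-byte partition entries, the 0x55AA signature), hash the boot-code region and compare it with a baseline hash recorded from a known-good copy, and sanity-check the partition table. The sample MBR image, the baseline and the "tampered" copy are all constructed inside the block so it runs offline; `read_mbr_from_device` is an assumed helper for reading the first sector of a real disk.

```python
import hashlib
import struct
from typing import Dict, List

MBR_SIZE = 512
BOOT_CODE_LEN = 446
PARTITION_TABLE_OFFSET = 446
PARTITION_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xAA"
# Layout of one partition entry: status, CHS start, type, CHS end, LBA start, sector count
PARTITION_ENTRY_FMT = "<B3sB3sII"


def build_sample_mbr(boot_code_fill: int = 0x90) -> bytes:
    """Constructed 512-byte MBR for offline testing (not a real disk image):
    a boot-code region filled with one byte value, one active type-0x07
    partition at LBA 2048 spanning 204800 sectors, three empty entries."""
    boot_code = bytes([boot_code_fill]) * BOOT_CODE_LEN
    active = struct.pack(PARTITION_ENTRY_FMT, 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 204800)
    empty = b"\0" * PARTITION_ENTRY_LEN
    return boot_code + active + empty * 3 + BOOT_SIGNATURE


def read_mbr_from_device(path: str) -> bytes:
    """Assumed helper: read the first sector of a raw device
    (e.g. /dev/sda on Linux or \\\\.\\PhysicalDrive0 on Windows; needs admin rights)."""
    with open(path, "rb") as fh:
        return fh.read(MBR_SIZE)


def boot_code_hash(mbr: bytes) -> str:
    """SHA-256 of the 446-byte boot-code region, the part a bootkit rewrites."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


def parse_partition_table(mbr: bytes) -> List[Dict[str, int]]:
    """Decode the four partition entries; raises on a malformed sector."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_LEN
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack(
            PARTITION_ENTRY_FMT, mbr[off:off + PARTITION_ENTRY_LEN])
        entries.append({"index": i, "status": status, "bootable": status == 0x80,
                        "type": ptype, "lba_start": lba, "sectors": count})
    return entries


def check_mbr(mbr: bytes, baseline_hash: str) -> List[str]:
    """Return a list of findings; an empty list means the sector matches the baseline
    and the partition table looks sane."""
    findings = []
    if len(mbr) != MBR_SIZE or mbr[510:512] != BOOT_SIGNATURE:
        return ["invalid sector: wrong size or missing boot signature"]
    if boot_code_hash(mbr) != baseline_hash:
        findings.append("boot code differs from recorded baseline (possible MBR rewrite)")
    entries = parse_partition_table(mbr)
    active = [e["index"] for e in entries if e["bootable"]]
    if len(active) > 1:
        findings.append(f"more than one active partition: {active}")
    for e in entries:
        if e["status"] not in (0x00, 0x80):
            findings.append(f"entry {e['index']}: invalid status byte 0x{e['status']:02x}")
        if e["type"] != 0 and e["sectors"] == 0:
            findings.append(f"entry {e['index']}: non-empty type with zero length")
    return findings


def make_modified_copy(mbr: bytes, offset: int = 0x10) -> bytes:
    """Constructed test input: flip one byte inside the boot-code region to
    stand in for an unauthorised change. Nothing is written to any device."""
    buf = bytearray(mbr)
    buf[offset] ^= 0xFF
    return bytes(buf)


if __name__ == "__main__":
    good = build_sample_mbr()
    baseline = boot_code_hash(good)   # in practice: recorded from a clean install
    print("clean   :", check_mbr(good, baseline))
    print("modified:", check_mbr(make_modified_copy(good), baseline))
    for entry in parse_partition_table(good):
        print(entry)
```

Because the thread itself notes that these rootkits hide their presence from the running system, a hash taken while the infected OS is up may be served a clean-looking sector; the comparison is only trustworthy when the MBR is read from a boot medium the suspect system did not control, with the baseline recorded at install time and stored off-host.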