PDA

View Full Version : I want to be infected


Smitty74
01-02-2009, 10:31 PM
Everybody,

I am trying to evaluate different malware removal tools on system that I dont mind getting infected, Maybe get a few screen captures while I am at it. The problem is finding the malware to install. Its amazing to me that I cant find a single reliable place to get my test computer infected.

Does anybody know of a website that hosts these programs for testing purposes? In particular I am looking for a copy of SpywareGuard 2008, but any others would be appreciated.


Before you say it, I realize this post sounds a little sado-masochistic, but my intentions are good. hehe

14049752
01-02-2009, 10:46 PM
Offensive Computing (http://www.offensivecomputing.net/)

WareDat
01-02-2009, 11:23 PM
Yea getting infected isn't as easy as one might think..It took me about a week to get my virtual machine infected. I finally ended up installing a Trojan dropper that I downloaded from a crack site, shortly afterwords I had AV 2009, 2008, XP, Spyware Guard, Vundo, Vundo.H, TDSS, and about 20 others.

The file I downloaded was named "spyware_guard_2008_key.exe" I'm sure with a little luck you can locate it.

lawson_jl
01-04-2009, 11:35 PM
I seem to have to same problem I can't ever seem to get infected if I want too either. Your best bet is to try downloading torrents from piratebay or mininova that other uses say is a virus.

arrow_runner
01-05-2009, 12:48 AM
Not that I've done this, but what about intentionally visiting the websites that spybot blacklists?

supertech365
01-06-2009, 08:56 PM
The easiest way to get infected would probably be through limewire or bearshare.

Jager
01-06-2009, 11:13 PM
Offensive Computing (http://www.offensivecomputing.net/)

WARNING: This site contains samples of live malware. Use at your own risk.

@14049752 has it right. Only place I know of that hosts live (and accessible) malware samples and gives links to them.

WareDat
01-07-2009, 10:58 AM
Also if you join Malware Bytes forum at http://www.malwarebytes.org/forums/ and click on the "Newest Rogue Threats" sub forum you will find links to various malware.

TimeCode
01-08-2009, 04:54 PM
Does anybody know of a website that hosts these programs for testing purposes? In particular I am looking for a copy of SpywareGuard 2008, but any others would be appreciated.

Shoot, had I seen this yesterday I could have sent it to you. I removed it without taking any of the files with me... Sorry.

Try here... See if these guys will help you. http://www.offensivecomputing.net/?q=node/1011

Also check this... Just for fun! http://www.youtube.com/watch?v=NPSJTVB3UAA

Reset
01-10-2009, 01:26 AM
i hope this helps milw0rm.com please use at your on risk you can download millions of viruse trojans and spyware.
you can also get them here leetupload.com/members/Virii/

NYJimbo
01-11-2009, 06:23 AM
What's happening to alot of people is that they are infecting themselves with trojans like fake flash plugins or players.

For example, if you go to this site: WARNING THE FOLLOWING SITE IS A HARDCORE PORN WEBSITE THAT WILL TRY TO GET YOU TO DOWNLOAD A TROJAN/VIRUS TO INFECT YOUR COMPUTER:

http://www . megatubexxx . net/tube/todo/3176/bigtits/2

(note you will have to remove the spaces above to make the link work. I didnt want to put up an functional link that could be clicked.

You will see this:

1) Appears to be a "PornTube" website with hardcore videos. You will see that alot of the nav links at the top do not work and things like comments are non-functional.
2) When you click on any of the videos it will appear to be trying to play but it will ALWAYS tell you that you need a flash upgrade. A video (usually not the one you clicked) appears to be trying to play but there is "noise" moving back and forth which makes it appear as if you are having trouble with your flash player.
3) If you click on the flash upgrade you will actually download one of the latest variants of the virus/spyware/trojans that are going around now. I have seen some where it will just download on others it will actually install as soon as you click. DO NOT CLICK ON THAT FLASH UPGRADE LINK, YOU WILL LIKELY BECOME INFECTED IMMEDIATLY. Sometimes these sites will even try to warn you that you are infected if you do NOT click on the link and then will try to get you to download a fake antivirus instead. SO CHECK THIS SITE OUT AT YOUR OWN RISK.

The fact that so many machines are coming into our shop with the same infections tells me that most are coming from this type of infection process.
We have infected a few machines here to see what happens and it almost always is the same.

Domains like megatubexxx are usually only days or weeks old, so if you do a "whois" you will see they are very recent registrations.

We have cleaned up computers infected in this manner only to have the same machines come back weeks later, re-infected with the same viruses. Often we can find the offending porn website name in the browser history.

TimeCode
01-12-2009, 06:49 PM
Try this...
www dot xewibudar dot com/michael-newdow.html

Definitely a rogue of some sort... Can't guarantee what you'll get though.

techsuper
02-03-2009, 01:22 AM
Hi,
ran across this site yesterday, if your interested.
hxxp://antispyscanner13.com
site hosts System Guard 2009. wonder how may people click OK and let it install?

abe
02-03-2009, 02:49 AM
i tried using the link but avg blocks it.
http://www.technibble.com/forums/picture.php?albumid=2&pictureid=25

confusednow
02-03-2009, 09:10 PM
Hi,
ran across this site yesterday, if your interested.
hxxp://antispyscanner13.com
site hosts System Guard 2009. wonder how may people click OK and let it install?

hello, i have the same antispyscanner13.com on my computer as a pop up. the full URL is hxxp:// antispyscanner13.com/ sysgd09_2/3/10176 I have ran several malware removers and virus scans but cannot get rid of it. my computer knowledge does not expand beyond getting anti viruses etc so I am getting rather frazzled. Does anyone know what this pop up is attributed to or what i can do to prevent it? PLEASE HELP!!:confused:

technut
02-06-2009, 02:05 PM
hxxp://antispyware dot com/index.php?hop=wrldslrgst

Came across the above link when searching about removing viruses. If you click to download you will get antispyware 2009. You can save the file first, but run it, and all hell will break loose.

abe
02-06-2009, 03:57 PM
hi all' I had some fun today with the antispyware 2009 guys this was my email to them.


please I need help removing "antivirus 2009" from my computer will your product do that for me.

Abe

I will write a review about your product on my blog.

this is my first email from them I think I'm gonna have some more fun with them later today,


Re: Unregistered Inquiry
From: Antispyware - Support
To: *********@yahoo.com
Date: Fri Feb 06 09:47:30 2009
Hi,
Have you purchased Antispyware?May I have your bank number please?
--
For any further questions please reply to this email address and include
all previous messages in the email.

Regards,
Charles
The Antispyware Support Team
----------------------------
How am I doing? Email my supervisor David Page at: feedback.vmg@gmail.com
with any feedback. Please use this address only for feedback as it is not
monitored 24/7 and all support requests sent to the address will be moved.


I will then link them to this page and to my "blog" and show them what I think of them.

Abe

arrow_runner
02-06-2009, 04:45 PM
I dunno if sending them the link to this site is such a good idea. We're technically always playing catch-up to the Malware writers and by sending them a link to this thread (and this site), you'd basically be handing them every virus removal process used by techs on here over to the bad guys, and I'd really prefer them NOT to know what methods I use to clean their crap up. (I'm sure they'll find out sooner or later how some of us try to avoid the nuke and pave method, but I'd much rather it be later than sooner, if possible.)

Just my $.02

abe
02-06-2009, 04:57 PM
true, didn't think of that so I will not send it,
but I think they are smarter then that, I'm sure they know the removal procedures we use. they don't care if you can remove it what they want is to get the clients, (our customers) ,to pay for it before we get there and tell them its rouge.

Abe

MLCS
02-06-2009, 05:02 PM
Smarter than that?? Have you re-read their e-mail response again lately?

Re: Unregistered Inquiry
From: Antispyware - Support
To: *********@yahoo.com
Date: Fri Feb 06 09:47:30 2009
Hi,
Have you purchased Antispyware?May I have your bank number please?

I feel bad for us when someone that is well spoken and highly educated actually decides to do this kind of crap... well maybe not feel bad for us, since we'll make a lot of money cleaning it up.

LoL, that's like tire repair shops in small towns throwing nails in the middle of the road a mile outside of town. Maybe the makers of these Rogue's are really the guys behind GeekSquad and Firedog, just creating themselves extra business.

abe
02-06-2009, 05:11 PM
you've got me thinking that it may be US guys making this crp, because up untill now the websites of the rouge software where full of gramatical mistakes and spelling mistakes (yeah I can't spell either) which gave them away however the antispyware. com site is well made and dosn't set of any alarm bells.

so I'm thinking it may be some old employees of firedog or some other bad US tech's looking to make money.

Abe

arrow_runner
02-06-2009, 06:53 PM
Hmm, probably not Firedog. I can't imagine many of them could write complex vbscript, let alone write that kind of software. Either way, the people that write this stuff should be hung by their you-know-what...

eric76
02-23-2009, 05:33 PM
This is a live site: http ://thestabilityweb.com/index.php?affid=10115
It will load AntiVirus2009. This was found on a computer that was using Google to search: bolle steroid. Arod mentioned the name when he was having a press conference about which steroid he was taking.

acs
02-23-2009, 09:14 PM
This link is very live.
Just got myself a version of " system security" on a clean install to play with.

Quickest way I have found to clean is to use the Tools on Bruces USB stick.
Auto runs to identify start up file names and to disable start up.
Reboot
Remove files from start up location
Scan with malware bytes
Job done.

Davedel
03-08-2009, 05:17 AM
I kinda stick to malwarebytes and super antispyware. seem to do the job for almost anything:)