What is the reason behind testing malware?

TechHelper

Level 2
Thread author
Verified
Jul 21, 2014
64
I've been browsing threads and posts on here about "malware testing" and malware samples. Why do people test malware (and who does it)? Also, how do you do it?
 

illumination

They are mainly testing AVs etc. for detection, but some test malware to learn its behaviors, where it stores itself, and how to eradicate it. As far as who, well, experienced individuals do testing, and it should be maintained that way.
 

WinXPert

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Jan 9, 2013
1,457
Why?

Work related: I remove malware for customers. To make my job easier, I collect samples and analyze them so that the next time I encounter a similar strain, removal is easier and faster. I use my own tools aside from other great tools you can find on the web. For example, if I get an unknown worm sample, let's say a .vbs file (since those are the most abundant here), I can remove it manually, which might take me 5-10 minutes, but if I have a script, removal can be done in seconds.

I no longer test the likes of Sality or Virut or rootkits, since they need a different approach and there are specialized tools available for their removal.

How?

I infect my PC, sometimes in Sandboxie, but if I need to create a script for its removal, I do it "live" to make sure my procedure is effective. There is a program written by @n.nvt you can use if you like, but since I'm stuck with Windows XP Home, I make before and after snapshots of my system, then analyze the results and reverse the effects of the malware. Mostly I do this with the files, and with the registry as well if it is manageable, i.e. only a few keys are involved. If there are more, I just rely on scanning with MBAM and other AVs. No need to reinvent the wheel.
 
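The before/after snapshot approach described in the post above, as an added example that is not WinXPert's own tool or the program by @n.nvt: hash every file under a directory (and, on Windows, enumerate the common Run/RunOnce autorun values), take a snapshot before and after running the sample, diff the two, and turn the diff into a removal plan you can review before acting on it. The autorun key list, the `demo()` "infection" (a dropped dummy .vbs and a tampered text file in a temp directory) and all function names are assumptions constructed for this example.

```python
"""Before/after snapshot diff for malware removal (added example, not the
forum poster's tool). Works offline; the registry part only runs on Windows."""
import hashlib
import os
import sys
import tempfile

# Autorun locations most low-level worms use to persist. Assumption: the
# sample registers itself in one of these; real samples may use other keys.
AUTORUN_KEYS = [
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"),
    ("HKCU", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
    ("HKCU", r"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"),
]


def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot_files(root):
    """Map each file under root (relative path) to its SHA-256; locked files -> 'UNREADABLE'."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            try:
                snap[os.path.relpath(p, root)] = _sha256(p)
            except OSError:
                snap[os.path.relpath(p, root)] = "UNREADABLE"
    return snap


def snapshot_autoruns():
    """Map 'HIVE\\key\\valuename' -> data for AUTORUN_KEYS (Windows only; empty elsewhere)."""
    snap = {}
    if sys.platform != "win32":
        return snap
    import winreg  # only importable on Windows
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    for hive, key in AUTORUN_KEYS:
        try:
            with winreg.OpenKey(hives[hive], key) as k:
                i = 0
                while True:
                    try:
                        name, data, _type = winreg.EnumValue(k, i)
                    except OSError:  # no more values
                        break
                    snap[f"{hive}\\{key}\\{name}"] = str(data)
                    i += 1
        except OSError:  # key absent or access denied
            continue
    return snap


def diff_snapshots(before, after):
    """Return (added, removed, changed) keys between two snapshot dicts."""
    added = sorted(k for k in after if k not in before)
    removed = sorted(k for k in before if k not in after)
    changed = sorted(k for k in before if k in after and before[k] != after[k])
    return added, removed, changed


def removal_plan(file_diff, reg_diff):
    """Turn the diffs into an ordered list of (action, target) that reverses the
    infection: persistence first, then dropped files, then tampered/deleted ones.
    This is only a plan; nothing is deleted here, so it can be reviewed first."""
    plan = []
    added, _removed, changed = reg_diff
    plan += [("delete_registry_value", k) for k in added]
    plan += [("restore_registry_value", k) for k in changed]
    added, removed, changed = file_diff
    plan += [("delete_file", k) for k in added]
    plan += [("restore_file_from_clean_backup", k) for k in changed + removed]
    return plan


def demo():
    """Constructed run: a harmless dummy 'worm' drops a .vbs and tampers with a file."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "notes.txt"), "w") as f:
        f.write("clean\n")
    before_files, before_reg = snapshot_files(root), snapshot_autoruns()
    with open(os.path.join(root, "worm.vbs"), "w") as f:  # constructed, does nothing
        f.write("' dummy sample for the demo\n")
    with open(os.path.join(root, "notes.txt"), "a") as f:
        f.write("tampered\n")
    after_files, after_reg = snapshot_files(root), snapshot_autoruns()
    return removal_plan(diff_snapshots(before_files, after_files),
                        diff_snapshots(before_reg, after_reg))


if __name__ == "__main__":
    for action, target in demo():
        print(action, target)
```

On a real run you would snapshot the whole system drive and all four autorun keys, execute the sample, snapshot again, and only then decide which plan entries to carry out; a file that was changed rather than added is a sign of infection of an existing file (as with Sality/Virut) and is better handled with a dedicated disinfector than with a delete.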

WinXPert

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Jan 9, 2013
1,457
If you like I can provide a sample or two for you to test and remove. These will be low level worms that are easy to remove.
 

TechHelper

Level 2
Thread author
Verified
Jul 21, 2014
64
Thank you for your very informative answer, I appreciate it. Yes, that would be great. Would I need to install Sandboxie?
 

Lailson

Level 13
Verified
Top Poster
Well-known
Jan 3, 2014
618
Look, at least for me, it is a way to gain greater experience and knowledge of how such threats behave, through their behavior and their detection by various antivirus software, as well as being a form of fun. For example, how a keylogger works; based on that I can protect myself. Just by looking and analyzing, I get a sense of how this malware works, or clues; it helps you to know whether or not you are infected and to prevent infections. Another reason is to submit these samples to antivirus companies so they have greater coverage of the threats. I love testing and have so much fun :)
As for the other question, about how to do it: I do not recommend you do this kind of testing; we have many dangerous threats with extreme and irreversible behavior, which can result in loss of money, data, etc. It is only for experienced users who know what they are doing. It should be done in a virtual environment (a virtual machine with some settings) or on an old computer that nobody uses, with other measures. If you're interested, search for more ;)
 

TechHelper

Level 2
Thread author
Verified
Jul 21, 2014
64

Alright, I understand. If I shouldn't do it, I will search more on it. Thanks for the feedback.
 

Lailson

Level 13
Verified
Top Poster
Well-known
Jan 3, 2014
618
On the internet there should be many articles on how a virtual machine works and how to configure it. Here in MT we have many good reviews from testers that can help you too. Just be careful and start slowly; if you have any questions, ask any of us, and then yes, you can test in a safe manner without risk, either for fun or to gain greater knowledge :)
 

WinXPert

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Jan 9, 2013
1,457
To get you started, you can try my samples live, I can guide you step by step so no need to worry.

But about the other samples from MT, prudence dictates that you listen to this.

Good to Know!
Any links supplied in this forum can be expected to lead to actual live malware, and should be considered very dangerous! As such, following these links will most likely result in an infection.
Any possible damage to a user's operating system or personal files from following any of these links is completely the responsibility of the user. If you do not know what you are doing here, it is recommended you leave right away.

You can use the following: VMware, VirtualBox, Sandboxie, Shadow Defender, Deep Freeze, Quiet Zone, etc. Never try this unless you believe you are comfortable enough.
 

FreddyFreeloader

Level 32
Verified
Top Poster
Well-known
Jul 23, 2013
2,115
Alright, I read some info on virtual machines (plus how to install VirtualBox) and watched videos of people using them. I will take heed of the warning.
Also remember, even if you are in a virtual environment, malware can still steal passwords stored in a browser, IDs that are not encrypted, anything else laying about that it can read.
 
