I'm trying to test various forms of malware to see both how they act and to test out different programs, but of the ~20 or so I could actually run from the couple batches I downloaded from repositories, only a few actually did anything, and even then it wasn't anything spectacular (moderately high CPU and/or disk activity without actually doing anything noticeable). I don't know if it's because they were VM-aware, because they're old and crippled by OS patches that have occurred since their time, if Windows Defender was blocking them (I disabled it, but even disabled it still seems to take action, which is frustrating), or a combination of these or other factors. Of course, I'm running other programs, since I'm testing, but AFAICT none of them are stopping the malware once I allow it. I was running SecureAPlus, VoodooShield, Software Restriction Policy (disabled), Malwarebytes Anti-Exploit Beta, and OSArmor. SAP, VS, and OSA would all throw up warnings, but I would bypass them to try and get the malware to run, and eventually it either would or, more often, it would seemingly do nothing or even disappear.
So I have a few questions. First, am I missing something? Why am I having such a hard time getting anything to happen? The one I got the most action out of was ZeroLocker, which I got to run and it was showing fairly heavy disk usage, but none of my files were encrypted and after a while it crashed the VM. I'm just astonished at how difficult it's proving to infect myself. Second, does anyone have a recommendation of somewhere I could get some more effective malware to test? ViruSign looks promising but I don't see a way to sign up, so I'm guessing it's for researchers only. I'd even be happy with (and would actually prefer) fake malware, perhaps a "ransomware" that would only encrypt files in "c:\ransomware test directory" so that it wouldn't be in any signature databases and would be safe and easy to test. I also want various forms (pdf, doc with macros, scripts, etc). Anyways, I'm not sure if this is something anyone would even be willing to answer, but I figured I may as well ask. I've spent hours trying to get something working so I can test things.
By the way, before anyone asks or offers a warning, I'm testing in VirtualBox with the network, shared folders, clipboard, and drag-and-drop all disabled and guest additions uninstalled, and all the data on the host is backed up so even if the worst happens and something gets out it wouldn't be the end of the world (though it would still suck, of course).