Need help in testing security softwares

[VirusAttak]

Hello ,

I need little help in testing security products such as antivirus. For reviews on my website right now i use shadow mode while testing.
what's your suggestion?
where i can get mega malware packs?
where i can get 0-day malwares?
where i can get malicious URLS?

Thank you

PS: I use my laptop for testing (also use it for work )

 

[2!<15]

http://malwaretips.com/threads/places-to-find-malware.1812/

 

[MalwareT]

Things you will need:

Windows 7/8.1 ISO (Softpedia)
VirtualBox or VMware
Links / malware from here: http://www.kernelmode.info/forum/viewtopic.php?f=16&t=308
Process Explorer / Hacker

 

[Ink]

What kind of testing will you perform, general, random or unique samples?

It's strongly recommended that you do not mix a production and test system in one. Watch out, your ID may be stolen.

 

[Dani Santos]

I need little help in testing security products such as antivirus. For reviews on my website right now i use shadow mode while testing.
what's your suggestion? - Use virtual box with a clean snapshot, process explorer to see the malicious processes and malware bytes and hitman pro to see the remaining traces in the disk.
where i can get mega malware packs? - http://malwaretips.com/forums/virus-exchange.104/
where i can get 0-day malwares? - http://malwaretips.com/threads/places-to-find-malware.1812/
where i can get malicious URLS? - http://malwaretips.com/threads/places-to-find-malware.1812/

this may help:

Spoiler: video

 

[VirusAttak]

it would be general @Huracan
@Malware Test @2!<15 I need pre-packed packs with malwares around 500-1000

 

[2!<15]

I need pre-packed packs with malwares around 500-1000

http://malwaretips.com/threads/malware-requests.17328/

 

[Dani Santos]

it would be general @Huracan
@Malware Test @2!<15 I need pre-packed packs with malwares around 500-1000

Join a bunch of smaller packs

 

[Petrovic]

Do you want to advertise your site by dint of MT?
Your site looks "professional" http://www.tecoreviews.com/reviews/eset-smart-security-8/
Why don`t you can find samples?

 

[MalwareT]

@VirusAttak virussign.com

 

[Petrovic]

virussign.com

This is garbage

 

[MalwareT]

This is garbage

I agree but if he want that anount of samples then he shall use malware hub.

 

[Cch123]

This is garbage

Download from there is so long that I think you would need a half a day to download a single pack.

Also, if you are not going to bother putting in effort in combining a pack yourself by joining several together, then why bother testing? Also, getting actual zeroday malware is not that easy. Nowadays exploit/malware sites generally last a few hours before vanishing again.

 

[Petrovic]

Also, if you are not going to bother putting in effort in combining a pack yourself by joining several together, then why bother testing? Also, getting actual zeroday malware is not that easy. Nowadays exploit/malware sites generally last a few hours before vanishing again.

http://malwaretips.com/threads/2015-01-18-20.40901/
It took about 15-20 minutes of work

 

[VirusAttak]

http://malwaretips.com/threads/places-to-find-malware.1812/

it should be my next step

Join a bunch of smaller packs

That's what I'm doing though it time consuming process that's why I'm looking for bigger packs

Do you want to advertise your site by dint of MT?
Your site looks "professional" http://www.tecoreviews.com/reviews/eset-smart-security-8/
Why don`t you can find samples?

No I don't want to advertise my site as a member of this awesome community i asked it with explanation what i'm going to do with these packs
And thanks for your kind words about my site

@VirusAttak virussign.com

I'll check it thank you

Download from there is so long that I think you would need a half a day to download a single pack.

Also, if you are not going to bother putting in effort in combining a pack yourself by joining several together, then why bother testing? Also, getting actual zeroday malware is not that easy. Nowadays exploit/malware sites generally last a few hours before vanishing again.

I'm really sorry if you find it effortless mate. i'm collecting malware from every source,as i don't have much knowledge of these malware sources thats why i asked for pre-packed packs and some urls people here having very good knowledge about these stuff

 

[VirusAttak]

Alright I got my lesson I have to collect them myself, and need a vm for testing
Thanks to everyone for their valuable suggestions
;-)

 

[hjlbx]

Hello VirusAttack,

Huracan mentions critical point...

It's strongly recommended that you do not mix a production and test system in one. Watch out, your ID may be stolen.

I use SD Shadow Mode...it works for me. However, I generally disable network prior to running malwares. My system is setup to prompt when malware attempts outbound connection.

If you allow malwares to run in Shadow Mode without any restrictions whatsoever, then any malware that is designed to grab data and transmit it will do so. Shadow Mode per se provides no data protections; it only provides protection against infection of physical system. My one admonition to you is to make sure you fully understand that all your system data is exposed in Shadow Mode, unless you put in place measures to protect it. I learned by thoroughly studying many guides/posts here on Shadow Defender forum.

I truly mean not to offend you...and I am no expert nor wannabe, but it seems to me that you need to do some study up...As you are asking for infos that most any malware tester knows from hard-won experience.

Maybe you are really just starting out and simply asking for help...there's no problem with that...most everyone here seems to respect that...as I think most on this forum "learned-by-doing" and asking help from those that have the advanced knowledge and experience.

Like I said, truly I mean not to offend you...rather I encourage you in your efforts.

Best Regards,

hjlbx

 

[jamescv7]

There are two ways first by Host PC and Guest OS (Virtual Machine)

Which is accurate? Actually running samples in Host PC will gain more accurate however you need it to virtualize your system in order to isolate the system. (By using Sandboxie or Full virtualize like Shadow Defender)

However for safety reason running in full virtual machine is a good step and majority of samples are working well on that environment.

For samples those listed mentioned by other members are varies to be zero day individual samples and pack which undergone process that its fully working without errors.

Good luck and happy testing!

 

[hjlbx]

Hello jamescv7,

I use Shadow Defender. Very simple to use...and light resource usage on my low-end CPU. Plus, I do not have sufficient RAM (only 5 GB available) to run resource intensive VM.

Honestly, knowing how to properly use Shadow Defender I find no need of VM. VM to me is just another hassle I do not need. You can call me lazy...

However, I think VM is probably powerful tool. I am no expert on VM. Like I said, because SD so good never even bother. Experience tells me to prefer simple. Simple solution is better...much...for me and system.

Test malwares...different solutions...Shadow Defender, Sandboxie, VM. I think all fairly equivalent in terms of results.

Although I am not too sure how sandbox-aware malware runs on SD. Never tested a known sandbox-aware malware while using SD. Lots of malware does not run...could be written for different OS, because of virtualization, etc.

hjlbx

 

[VirusAttak]

Hello VirusAttack,

Huracan mentions critical point...



I use SD Shadow Mode...it works for me. However, I generally disable network prior to running malwares. My system is setup to prompt when malware attempts outbound connection.

If you allow malwares to run in Shadow Mode without any restrictions whatsoever, then any malware that is designed to grab data and transmit it will do so. Shadow Mode per se provides no data protections; it only provides protection against infection of physical system. My one admonition to you is to make sure you fully understand that all your system data is exposed in Shadow Mode, unless you put in place measures to protect it. I learned by thoroughly studying many guides/posts here on Shadow Defender forum.

I truly mean not to offend you...and I am no expert nor wannabe, but it seems to me that you need to do some study up...As you are asking for infos that most any malware tester knows from hard-won experience.

Maybe you are really just starting out and simply asking for help...there's no problem with that...most everyone here seems to respect that...as I think most on this forum "learned-by-doing" and asking help from those that have the advanced knowledge and experience.

Like I said, truly I mean not to offend you...rather I encourage you in your efforts.

Best Regards,

hjlbx

There are two ways first by Host PC and Guest OS (Virtual Machine)

Which is accurate? Actually running samples in Host PC will gain more accurate however you need it to virtualize your system in order to isolate the system. (By using Sandboxie or Full virtualize like Shadow Defender)

However for safety reason running in full virtual machine is a good step and majority of samples are working well on that environment.

For samples those listed mentioned by other members are varies to be zero day individual samples and pack which undergone process that its fully working without errors.

Good luck and happy testing!

Thanks for your suggestions. I appreciate it
I've a old pc Dual core 1.8ghz only one gb ram there is nothing important in it so I'm thinking to make it my testing machine. by doing this i can secure my laptop as most of important files are in my laptop.