Need help in testing security software

VirusAttak

Level 4
Thread author
Verified
Aug 31, 2014
182
Hello ,

I need a little help in testing security products such as antivirus. For reviews on my website, right now I use shadow mode while testing.
What's your suggestion?
Where can I get mega malware packs?
Where can I get 0-day malware?
Where can I get malicious URLs?

Thank you

PS: I use my laptop for testing (I also use it for work).
 

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
What kind of testing will you perform, general, random or unique samples?

It's strongly recommended that you do not mix a production and test system in one. Watch out, your ID may be stolen.
 

Dani Santos

From Xvirus
Verified
Top Poster
Developer
Well-known
Jun 3, 2014
1,136
I need a little help in testing security products such as antivirus. For reviews on my website, right now I use shadow mode while testing.
What's your suggestion? - Use VirtualBox with a clean snapshot, Process Explorer to see the malicious processes, and Malwarebytes and HitmanPro to see the remaining traces on the disk.
Where can I get mega malware packs? - http://malwaretips.com/forums/virus-exchange.104/
Where can I get 0-day malware? - http://malwaretips.com/threads/places-to-find-malware.1812/
Where can I get malicious URLs? - http://malwaretips.com/threads/places-to-find-malware.1812/

this may help:
 

Cch123

Level 7
Verified
May 6, 2014
335
This is garbage :D

Downloading from there takes so long that I think you would need half a day to download a single pack. :)

Also, if you are not going to bother putting in the effort of combining a pack yourself by joining several together, then why bother testing? Also, getting actual zero-day malware is not that easy. Nowadays exploit/malware sites generally last a few hours before vanishing again.
 

Petrovic

Level 64
Verified
Honorary Member
Top Poster
Well-known
Apr 25, 2013
5,355
Also, if you are not going to bother putting in the effort of combining a pack yourself by joining several together, then why bother testing? Also, getting actual zero-day malware is not that easy. Nowadays exploit/malware sites generally last a few hours before vanishing again.
http://malwaretips.com/threads/2015-01-18-20.40901/
It took about 15-20 minutes of work

:D
 

VirusAttak

It should be my next step :)


Join a bunch of smaller packs
That's what I'm doing, though it's a time-consuming process; that's why I'm looking for bigger packs :)

Do you want to advertise your site by dint of MT?
Your site looks "professional" http://www.tecoreviews.com/reviews/eset-smart-security-8/
Why can't you find samples?
No, I don't want to advertise my site. As a member of this awesome community, I asked it with an explanation of what I'm going to do with these packs :)
And thanks for your kind words about my site :)

I'll check it thank you :)

Downloading from there takes so long that I think you would need half a day to download a single pack. :)

Also, if you are not going to bother putting in the effort of combining a pack yourself by joining several together, then why bother testing? Also, getting actual zero-day malware is not that easy. Nowadays exploit/malware sites generally last a few hours before vanishing again.
I'm really sorry if you find it effortless, mate. I'm collecting malware from every source. As I don't have much knowledge of these malware sources, that's why I asked for pre-packed packs and some URLs; people here have very good knowledge about this stuff :)
 

VirusAttak

Alright, I got my lesson: I have to collect them myself, and I need a VM for testing.
Thanks to everyone for their valuable suggestions
;-)
 

hjlbx

Hello VirusAttak,

Huracan mentions a critical point...

It's strongly recommended that you do not mix a production and test system in one. Watch out, your ID may be stolen.

I use SD Shadow Mode...it works for me. However, I generally disable the network prior to running malware. My system is set up to prompt when malware attempts an outbound connection.

If you allow malware to run in Shadow Mode without any restrictions whatsoever, then any malware that is designed to grab data and transmit it will do so. Shadow Mode per se provides no data protection; it only provides protection against infection of the physical system. My one admonition to you is to make sure you fully understand that all your system data is exposed in Shadow Mode, unless you put in place measures to protect it. I learned by thoroughly studying many guides/posts here on the Shadow Defender forum.

I truly mean not to offend you...and I am no expert nor wannabe, but it seems to me that you need to do some studying up...as you are asking for info that most any malware tester knows from hard-won experience.

Maybe you are really just starting out and simply asking for help...there's no problem with that...most everyone here seems to respect that...as I think most on this forum "learned-by-doing" and asking help from those that have the advanced knowledge and experience.

Like I said, truly I mean not to offend you...rather I encourage you in your efforts. :)

Best Regards,

hjlbx
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
There are two ways: first, on the host PC, and second, on a guest OS (virtual machine).

Which is more accurate? Actually, running samples on the host PC will be more accurate; however, you need to virtualize your system in order to isolate it (by using Sandboxie or full virtualization like Shadow Defender).

However, for safety reasons, running in a full virtual machine is a good step, and the majority of samples work well in that environment.

As for samples, those mentioned by other members vary between zero-day individual samples and packs which have undergone a process so that they are fully working without errors.

Good luck and happy testing! ;)
 

hjlbx

Hello jamescv7,

I use Shadow Defender. Very simple to use...and light resource usage on my low-end CPU. Plus, I do not have sufficient RAM (only 5 GB available) to run resource intensive VM.

Honestly, knowing how to properly use Shadow Defender I find no need of VM. VM to me is just another hassle I do not need. You can call me lazy...

However, I think VM is probably powerful tool. I am no expert on VM. Like I said, because SD so good never even bother. Experience tells me to prefer simple. Simple solution is better...much...for me and system.

Test malwares...different solutions...Shadow Defender, Sandboxie, VM. I think all fairly equivalent in terms of results.

Although I am not too sure how sandbox-aware malware runs on SD. Never tested a known sandbox-aware malware while using SD. Lots of malware does not run...could be written for different OS, because of virtualization, etc.

hjlbx
 

VirusAttak

Thanks for your suggestions. I appreciate it :)
I have an old PC (dual core 1.8 GHz, only one GB of RAM). There is nothing important on it, so I'm thinking of making it my testing machine. By doing this I can secure my laptop, as most of my important files are on my laptop.
 
