Q&A Security Product Testing?

#1
Hi everyone. Back in the day I used to use the MDL (Malware Domain List) to do my testing. It seems the MDL is pretty much dead. At this point the last malware URL submitted to MDL was:
2017/12/04_18:50

I would like something like MDL that is very active. I found a site: scrumware.org, but according to the site you must enter a captcha to be able to see the URLs posted. Problem is there isn't a captcha on the page and I've tried multiple browsers. Not sure if this site is great anyways but....

The next question would be: most YouTube testers out there have large packs of malware (sometimes like 700+ samples that are within the last few days). How in the world do they get those? Even if MDL was current, it would take forever to download that many samples.

What's key here is these samples have to be VERY fresh (last few days). If they aren't, of course then every AV will have signatures. Honestly, testing 0-day protection mechanisms is a major interest for me.

I'm not a security researcher or anything like that; it's just more of an interest thing than anything else (like most of the YouTube testers, I'm guessing).
 
#2
I used to use Hybrid-Analysis, but their new manual "vetting" process is making it very difficult to download samples. I'm not a fan of their direction, but maybe @Der.Reisende or @silversurfer can help explain how they got approved.

Alternatively, you could use Hybrid-Analysis to sort by submission date, and then search the SHA256 on VirusTotal to see if there are any comments/sources to get the sample manually.
 
Lockdown (AppGuard Developer)
#4
> I used to use Hybrid-Analysis, but their new manual "vetting" process is making it very difficult to download samples. I'm not a fan of their direction, but maybe @Der.Reisende or @silversurfer can help explain how they got approved.
>
> Alternatively, you could use Hybrid-Analysis to sort by submission date, and then search the SHA256 on VirusTotal to see if there are any comments/sources to get the sample manually.

Hybrid-Analysis doesn't want yahoos on their website eating up bandwidth and generally creating a mess. YouTube testers and their ilk are considered yahoos.

The same can be said of all the other databases.
 
#5
> I used to use Hybrid-Analysis, but their new manual "vetting" process is making it very difficult to download samples. I'm not a fan of their direction, but maybe @Der.Reisende or @silversurfer can help explain how they got approved.
>
> Alternatively, you could use Hybrid-Analysis to sort by submission date, and then search the SHA256 on VirusTotal to see if there are any comments/sources to get the sample manually.

Thanks, I never heard of this site before. I did some testing last night just with their links using Kaspersky Free. I found out that Kaspersky Free, though great at blocking malware, SUCKKKKSSSSS at blocking PUPs. Hopefully the people you referenced can help me out.
 
#6
> Hybrid-Analysis doesn't want yahoos on their website eating up bandwidth and generally creating a mess. Youtube testers and their ilk are considered yahoos.
>
> The same can be said of all the other databases.

I can understand that. They probably don't want to create a bigger mess with people downloading malware and distributing it.
 
Der.Reisende (Content Creator, AV-Tester)
#7
They never gave me the reason they accepted me, I had an account for quite some time there.
And it was just the same evening they invented that vetting thing I applied for access.
I was lucky maybe.

All I did was fill in basic information, linking the MalwareTips HUB as a reference (they did ask for the company you work for - I chose Freelance).
I never edit it, because once you alter your information, they will re-vet.
 
#9
> There is a reason for the vetting process and explaining "how" you went about it, kinda defeats that purpose.

I don't see any harm sharing information with fellow MalwareTips people who have good intentions. You could probably tell that my intentions are good. We are all friends here anyways, right?
 
Lockdown (AppGuard Developer)
#10
> Thanks i never heard of this site before. I did some testing last night just with their links using kaspersky free. I found out that kaspersky free though great at blocking malware but SUCKKKKSSSSS blocking PUPs. Hopefully the people you referenced can help me out.

Most people on the forums already know whether or not a program is a PUP\PUA. So PUP protection is vastly overrated except in the case of a "user who wants to use stuff." Prolific program installers that grab stuff all over the net and run it on their system - well, those types get what they get in the end.

> I can understand that. They probably don't want to create a bigger mess with people downloading malware and distributing it.

It's mostly about bandwidth and the annoyances that yahoo testers cause. Basically, the databases don't want home user testers downloading from their sites. The fact of the matter is that home users are generally considered a nuisance, and that is pretty much an industry-wide thing.
 
illumination (Guest)
#11
> Everyone who applies there is different; there are no cheats or specific details to tell about your persona to gain more priority than others to be picked up, and still, they can terminate your account if they find someone is abusing their services or no longer meets their requirements. It's their right, but what I personally think is they want people from different regions with different computing experiences, and not just leechers who download samples, but those who can contribute to Hybrid, share and analyse their malware findings around the globe.

I know some of you have not been at MT long enough to remember when I used to state that it is not a game, and helping other users, especially those you do not know, to access malware samples is generally not a good idea...

Example: At one time, samples were accessible by anyone. One particular user came in, with no knowledge of what he was about to get himself into, thought it would be cool to test malware, dropped a pack on his system, then was seen out on the main board desperately seeking help with his badly infected system ("more than likely his parents' network"). So it is nothing personal against anyone; I just personally think giving out advice to just any user to access dangerous malware is not a good idea.
 
#12
> I know some of you have not been at MT long enough to remember when i used to state that it is not a game, and helping other users especially those you do not know, to access malware samples is generally not a good idea...
>
> Example: At one time, samples were accessible by anyone, one particular user came in, with no knowledge of what he was about to get himself into, thought it would be cool to test malware, dropped a pack on his system, then was seen out on the main board desperately seeking help with his badly infected system "more then likely his parents network". So it is nothing personal against anyone, i just personally think giving out advice to just any user to access dangerous malware is not a good idea.

You can really say that about a lot of things: guns, knives, lawn mowers, cars, motorcycles, circular saws, etc...

All you can do is throw up all kinds of warnings and let people know that if they go further they are doing so at their own risk. I bet a lot of researchers started out of curiosity. If they couldn't have access to such samples, where do you think they would be now? Do you think only people who work at AV vendors should have access to such samples? I think trying to protect people from themselves is a mistake. Yes, there will be those yahoos who mess their system up, but then there will be those that add to the security community.

A good example is that I'm a developer by trade. There are a lot of people out there programming sites with all kinds of vulnerabilities because they don't know what the heck they are doing: SQL injection, cross-site scripting attacks, not correctly hashing passwords in their database, etc... But do I think depriving them of products to make sites is a solution? Absolutely not. I remember shaking my head when the developers of Ashley Madison correctly bcrypt passwords but in the end one of the developers thought it was too slow so he stored md5 passwords right beside it.
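On the password-hashing point in the post above: the security of a stored password is set by the cheapest verifier an attacker can test guesses against, so a fast unsalted digest stored next to a slow hash cancels the slow hash out. The example below is added here and is not code from this thread or from any product it mentions; it uses PBKDF2-HMAC-SHA256 from the Python standard library in place of bcrypt so it runs without third-party packages, and the iteration count, field names and sample password are assumptions.

```python
"""Audit helper: find the weakest password verifier stored in a user record.

Added example, not code from the forum thread. PBKDF2-HMAC-SHA256 (stdlib)
stands in for bcrypt; the iteration count and the pw_* field names are assumptions.
"""
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Work factor for PBKDF2-HMAC-SHA256 (assumption; lower it only in tests).
DEFAULT_ITERATIONS = 600_000


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return a self-describing verifier: algorithm$iterations$salt$digest (hex).

    A fresh random salt per password means two users with the same password
    get different verifiers, and precomputed tables are useless.
    """
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(iterations, salt.hex(), digest.hex())


def verify_password(password: str, stored: str) -> bool:
    """Recompute the KDF with the stored parameters and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def md5_shortcut(password: str) -> str:
    """The anti-pattern the post describes: an unsalted, single-round MD5 of the password.

    It is deterministic (equal passwords collide across users) and costs one hash
    per guess, so it is the column an attacker would go after.
    """
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def guess_cost(verifier: str) -> int:
    """Hash invocations an attacker must spend per guess against one stored verifier."""
    if verifier.startswith("pbkdf2_sha256$"):
        return int(verifier.split("$")[1])
    return 1  # any bare digest (md5, sha1, ...) costs a single hash per guess


def weakest_link(record: Dict[str, str]) -> Tuple[str, int]:
    """Among the password-derived fields of a user record (those named pw_*),
    return the one that is cheapest to attack and its per-guess cost.

    A slow KDF column buys nothing if a fast digest of the same password sits beside it.
    """
    costs = {field: guess_cost(value) for field, value in record.items()
             if field.startswith("pw_")}
    if not costs:
        raise ValueError("record has no password-derived fields")
    field = min(costs, key=costs.get)
    return field, costs[field]


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    good = {"user": "alice", "pw_hash": hash_password(pw)}
    bad = dict(good, pw_loginkey=md5_shortcut(pw))  # the "stored right beside it" mistake
    print(weakest_link(good))  # ('pw_hash', 600000)
    print(weakest_link(bad))   # ('pw_loginkey', 1)
```

The audit function only inspects what is stored; it does not crack anything. Running it over a user table is a cheap way to catch the mixed-column mistake during a code review or schema change, and the ratio between the two costs it reports is the factor by which the extra column weakens every user's password.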
 
illumination (Guest)
#13
> You can really say that about a lot of things: Guns, knives, lawn mowers, cars , motorcycles, circular saws, ect...

All of which I would not hand over to someone I did not know, or, to be honest, there are a few I know I still would not hand over to...

Seriously, go apply at these sites by all means; I'm just stating that those that have should not share how. It is up to you to convince those sites whether you should be allowed the responsibility of accessing dangerous malware.
 
#14
> Most people on the forums already know whether or not a program is a PUP\PUA. So PUPs protection is vastly over-rated except in the case of a "user who wants to use stuff." Prolific program installers that grab stuff all over the net and run it on their system - well those types get what they get in the end.

I have to disagree that PUP protection is overrated. While I agree that most members of this site are advanced users and know what PUPs are, sometimes we are researching for family members that don't know what they are doing. Sometimes these PUPs can be difficult to remove, and who knows what they are doing behind the scenes. Honestly, after a machine gets anything on it I really don't trust it. I wipe/reinstall. On top of that, there are sites that at one point started inserting PUPs into all their programs with no warnings (download.com). There have also been programs that randomly started inserting PUPs. A great example is the classic Unlocker program. At one point the developer decided to insert PUPs into it with no warning.
 
Lockdown (AppGuard Developer)
#16
> I have disagree that PUP protection is overrated. While i agree that most members of this site are advanced users and know what PUPs are sometimes we are researching for family members that don't know what they are doing. Sometimes these PUPs can be difficult to remove and who knows what they are doing behind the scenes. Honestly after a machine gets anything on it i really don't trust it. I wipe/reinstall. On top of that there are sites that at one point started inserting PUPs into all their programs with no warnings (download.com). There has also been programs that randomly started insert PUPs into. A great example is the classic unlocker program. At one point the developer decide to insert PUPs into it with no warning.

No matter how hard you try, you will not find a suite or layered security that will ever be able to completely protect a system against users who just don't know what they're doing. The best that you can do when dealing with the uninformed and uninitiated is to rollback the system to a known clean state after they are done using the system.

The thing of it is, as systems become more complex (as Microsoft piles more and more [edited] onto Windows), the security softs become increasingly complex also - to protect those that cannot protect themselves. And in turn, as the security soft complexity increases even at the defaults, fewer and fewer people can handle it. So it is a vicious cycle. It's a no-win:no-win situation.

If people would stop expecting a security soft to be a substitute for knowledge and experience, they would be safer. But until that changes, nothing will change.