Advice Request Security Product Testing?

Please provide comments and solutions that are helpful to the author of this topic.

ncage

Level 3
Thread author
Verified
May 20, 2017
103
Hi everyone. Back in the day i used to use the mdl (malware domain list) to do my testing. It seems my the mdl is pretty much dead. At this point the last malware url submitted to mdl was:
2017/12/04_18:50

I would like something like mdl that is very active. I found a site: scrumware.org but according to the site you must enter a captcha to be able see the urls posted. Problem is there isn't a captcha on the page and ive tried multiple browsers. Not sure if this site is great anyways but....

The next question would be most youtube testers out there have large packs of malware (sometimes like 700+ samples that are within the last few days). How in the world do they get those? Even if mdl was current that would take forever to download that many samples.

Whats key here is these samples have to be VERY fresh (last few days). If they aren't of course then ever AV will have signatures. Honestly testing 0 day protection mechanisms are a major interest for me.

I'm not a security researching or anything like that its just more of an interest thing that anything else (like most of the youtube testers i'm guessing).
 
  • Like
Reactions: upnorth and slash/

slash/

Level 6
Verified
Jun 24, 2018
277
I used to use Hybrid-Analysis, but their new manual "vetting" process is making it very difficult to download samples. I'm not a fan of their direction, but maybe @Der.Reisende or @silversurfer can help explain how they got approved.

Alternatively, you could use Hybrid-Analysis to sort by submission date, and then search the SHA256 on VirusTotal to see if there are any comments/sources to get the sample manually.
 
5

509322

I used to use Hybrid-Analysis, but their new manual "vetting" process is making it very difficult to download samples. I'm not a fan of their direction, but maybe @Der.Reisende or @silversurfer can help explain how they got approved.

Alternatively, you could use Hybrid-Analysis to sort by submission date, and then search the SHA256 on VirusTotal to see if there are any comments/sources to get the sample manually.

Hybrid-Analysis doesn't want yahoos on their website eating up bandwidth and generally creating a mess. Youtube testers and their ilk are considered yahoos.

The same can be said of all the other databases.
 

ncage

Level 3
Thread author
Verified
May 20, 2017
103
I used to use Hybrid-Analysis, but their new manual "vetting" process is making it very difficult to download samples. I'm not a fan of their direction, but maybe @Der.Reisende or @silversurfer can help explain how they got approved.

Alternatively, you could use Hybrid-Analysis to sort by submission date, and then search the SHA256 on VirusTotal to see if there are any comments/sources to get the sample manually.

Thanks i never heard of this site before. I did some testing last night just with their links using kaspersky free. I found out that kaspersky free though great at blocking malware but SUCKKKKSSSSS blocking PUPs. Hopefully the people you referenced can help me out.
 
Last edited:

ncage

Level 3
Thread author
Verified
May 20, 2017
103
Hybrid-Analysis doesn't want yahoos on their website eating up bandwidth and generally creating a mess. Youtube testers and their ilk are considered yahoos.

The same can be said of all the other databases.
I can understand that. They probably don't want to create a bigger mess with people downloading malware and distributing it.
 

Der.Reisende

Level 45
Honorary Member
Top Poster
Content Creator
Malware Hunter
Dec 27, 2014
3,423
They never gave me the reason they accepted me, I had an account for quite some time there.
And it was just the same evening they invented that vetting thing I applied for access.
I was lucky maybe.

All I did was filling up basic information, linking MalwareTips HUB as reference (they did ask for the company you work for - I chose Freelance).
I never edit it, because once you alter your information, they will re-vet.
 

ncage

Level 3
Thread author
Verified
May 20, 2017
103
There is a reason for the vetting process and explaining "how" you went about it, kinda defeats that purpose.
I don't see any harm sharing information with fellow MalwareTips people who have good intentions. You could probably tell that my intentions are good. We are all friends here anyways right?
 
  • Like
Reactions: vtqhtr413
5

509322

Thanks i never heard of this site before. I did some testing last night just with their links using kaspersky free. I found out that kaspersky free though great at blocking malware but SUCKKKKSSSSS blocking PUPs. Hopefully the people you referenced can help me out.

Most people on the forums already know whether or not a program is a PUP\PUA. So PUPs protection is vastly over-rated except in the case of a "user who wants to use stuff." Prolific program installers that grab stuff all over the net and run it on their system - well those types get what they get in the end.

I can understand that. They probably don't want to create a bigger mess with people downloading malware and distributing it.

It's mostly about bandwidth and the annoyances that yahoo testers cause. Basically, the databases don't want home user testers downloading from their sites. The fact of the matter is that home users are generally considered a nuisance, and that is pretty much an industry-wide thing.
 
I

illumination

Everyone who applies there are different, there is no cheats like or specific details to tell about your persona to gain more priority than others to be picked up, and still, they can terminate your account if they find someone is abusing their services or doesn't any longer meet their requirements, it's their rights, but what I personally think is they want people from different regions with different computing experiences, and not just leechers who download samples, but those who can contribute to Hybrid, share and analys their malware findings around the globe.
I know some of you have not been at MT long enough to remember when i used to state that it is not a game, and helping other users especially those you do not know, to access malware samples is generally not a good idea...

Example: At one time, samples were accessible by anyone, one particular user came in, with no knowledge of what he was about to get himself into, thought it would be cool to test malware, dropped a pack on his system, then was seen out on the main board desperately seeking help with his badly infected system "more then likely his parents network". So it is nothing personal against anyone, i just personally think giving out advice to just any user to access dangerous malware is not a good idea.
 

ncage

Level 3
Thread author
Verified
May 20, 2017
103
I know some of you have not been at MT long enough to remember when i used to state that it is not a game, and helping other users especially those you do not know, to access malware samples is generally not a good idea...

Example: At one time, samples were accessible by anyone, one particular user came in, with no knowledge of what he was about to get himself into, thought it would be cool to test malware, dropped a pack on his system, then was seen out on the main board desperately seeking help with his badly infected system "more then likely his parents network". So it is nothing personal against anyone, i just personally think giving out advice to just any user to access dangerous malware is not a good idea.

You can really say that about a lot of things: Guns, knives, lawn mowers, cars , motorcycles, circular saws, ect...

All you can do is throw up all kind of warnings and let people know if they go further they are doing so at their risk. I bet a lot of researching started out of curiosity. If they couldn't have access to such samples where do you think they would be now? Do you think only people who work at AV vendors should have access to such samples? I think trying to protect people from themselves is a mistake. Yes there will be those yahoos who mess their system up but then there will be those that add to the security community.

A good example is i'm a developer by trade. There are a lot of people out there programming sites with all kinds of vulnerabilities because they don't know what the heck they are doing: SQL Injection, cross site scripting attacks, don't correctly hash password in their database, ect... But do i think depriving them of products to make sites is a solution? Absolutely not. I remember shaking my head when the developers of ashley madison correctly bcyrpt passwords but in the end one of the developers thought it was to slow so he stored md5 passwords right beside it.
 
I

illumination

You can really say that about a lot of things: Guns, knives, lawn mowers, cars , motorcycles, circular saws, ect...
All of which, i would not hand over to someone i did not know, or to be honest, there are a few i know i still would not hand over too...

Seriously, go apply at these sites by all means, i'm just stating those that have should not share how, it is up to you to convince those sites if you should be allowed the responsibility of accessing dangerous malware.
 
  • Like
Reactions: upnorth

ncage

Level 3
Thread author
Verified
May 20, 2017
103
Most people on the forums already know whether or not a program is a PUP\PUA. So PUPs protection is vastly over-rated except in the case of a "user who wants to use stuff." Prolific program installers that grab stuff all over the net and run it on their system - well those types get what they get in the end.
I have disagree that PUP protection is overrated. While i agree that most members of this site are advanced users and know what PUPs are sometimes we are researching for family members that don't know what they are doing. Sometimes these PUPs can be difficult to remove and who knows what they are doing behind the scenes. Honestly after a machine gets anything on it i really don't trust it. I wipe/reinstall. On top of that there are sites that at one point started inserting PUPs into all their programs with no warnings (download.com). There has also been programs that randomly started insert PUPs into. A great example is the classic unlocker program. At one point the developer decide to insert PUPs into it with no warning.
 
5

509322

I have disagree that PUP protection is overrated. While i agree that most members of this site are advanced users and know what PUPs are sometimes we are researching for family members that don't know what they are doing. Sometimes these PUPs can be difficult to remove and who knows what they are doing behind the scenes. Honestly after a machine gets anything on it i really don't trust it. I wipe/reinstall. On top of that there are sites that at one point started inserting PUPs into all their programs with no warnings (download.com). There has also been programs that randomly started insert PUPs into. A great example is the classic unlocker program. At one point the developer decide to insert PUPs into it with no warning.

No matter how hard you try, you will not find a suite or layered security that will ever be able to completely protect a system against users who just don't know what they're doing. The best that you can do when dealing with the uninformed and uninitiated is to rollback the system to a known clean state after they are done using the system.

The thing of it, as systems become more complex (as Microsoft piles more and more ##### onto Windows), the security softs become increasingly complex also - to protect those that cannot protect themselves. And in turn, as the security soft complexity increases even at the defaults, fewer and fewer people can handle it. So it is a vicious cycle. It's a no-win:no-win situation.

If people would stop expecting a security soft to be a substitute for knowledge and experience, they would be safer. But until that changes, nothing will change.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top