A forum for reverse engineering, OS internals and malware analysis 

Forum for completed malware requests.
 #1782  by ssj100
 Thu Aug 05, 2010 4:22 am
Hi, does anyone have any live malware files of remote code execution? I am most interested in scripts and macros. For example, malware hiding in a Microsoft Word macro or that executes via cmd.exe, cscript.exe, java.exe etc. Thanks!
 #2224  by ssj100
 Tue Aug 24, 2010 5:25 am
EP_X0FF wrote:Perhaps if you can clarify your request you will have sample. Example of malware name/families perhaps?
I don't really know of any names or families. As I wrote, I'm more interested in malware of a certain kind of behaviour. One example would be Adobe Reader exploits which attempt to download and run executables to infect your system, just by double clicking the PDF file. If anyone has any live samples like that, I'd be grateful if you could link me to download them.

Another example would include Buffer Overflow exploits which attempt to harm your system (I think they all attempt to download and execute a further malicious executable) or to eg. disable SRP.

Further examples would be malware which can infect your system just by opening a .mp3 file or a .doc file (eg. via a macro).
 #2237  by ssj100
 Tue Aug 24, 2010 8:51 am
Didn't seem to work with version 9.3.0 (this version is at least several months old). Wonder why it's so hard to purposefully get infected haha. Almost makes me wonder how people actually get infected in the first place (especially with a default-deny mechanism in place).
 #2281  by Radovan
 Wed Aug 25, 2010 7:45 am
ssj100 wrote:Didn't seem to work with version 9.3.0 (this version is at least several months old). Wonder why it's so hard to purposefully get infected haha. Almost makes me wonder how people actually get infected in the first place (especially with a default-deny mechanism in place).
Step by Step:

1. Remove Adobe Reader 9.3.0, Install Adobe Acrobat Reader 8.1.0 (Also install JRE6U16 to be sure)

2. Go to http://www.malwaredomainlist.com/mdl.php

3. Visit some sites listed there with Firefox & all plugins enabled

4. Enjoy being infected :)
 #2324  by ssj100
 Wed Aug 25, 2010 11:56 pm
Radovan wrote:
ssj100 wrote:Didn't seem to work with version 9.3.0 (this version is at least several months old). Wonder why it's so hard to purposefully get infected haha. Almost makes me wonder how people actually get infected in the first place (especially with a default-deny mechanism in place).
Step by Step:

1. Remove Adobe Reader 9.3.0, Install Adobe Acrobat Reader 8.1.0 (Also install JRE6U16 to be sure)

2. Go to http://www.malwaredomainlist.com/mdl.php

3. Visit some sites listed there with Firefox & all plugins enabled

4. Enjoy being infected :)
Thanks, but something more specific would be nice - eg. which exact site to visit and what is the expected malicious behaviour. I want to be able to reproduce the malware behaviour reliably.