A forum for reverse engineering, OS internals and malware analysis 

 #1782  by ssj100
 Thu Aug 05, 2010 4:22 am
Hi, does anyone have any live malware files of remote code execution? I am most interested in scripts and macros. For example, malware hiding in a Microsoft Word macro or that executes via cmd.exe, cscript.exe, java.exe etc. Thanks!
 #2224  by ssj100
 Tue Aug 24, 2010 5:25 am
EP_X0FF wrote: Perhaps if you can clarify your request you will have a sample. Example of malware name/families perhaps?
I don't really know of any names or families. As I wrote, I'm more interested in malware of a certain kind of behaviour. One example would be Adobe Reader exploits which attempt to download and run executables to infect your system, just by double-clicking the PDF file. If anyone has any live samples like that, I'd be grateful if you could link me to download them.

Another example would include Buffer Overflow exploits which attempt to harm your system (I think they all attempt to download and execute a further malicious executable) or to e.g. disable SRP.

Further examples would be malware which can infect your system just by opening a .mp3 file or a .doc file (e.g. via a macro).
 #2237  by ssj100
 Tue Aug 24, 2010 8:51 am
Didn't seem to work with version 9.3.0 (this version is at least several months old). Wonder why it's so hard to purposefully get infected haha. Almost makes me wonder how people actually get infected in the first place (especially with a default-deny mechanism in place).
 #2281  by Radovan
 Wed Aug 25, 2010 7:45 am
ssj100 wrote: Didn't seem to work with version 9.3.0 (this version is at least several months old). Wonder why it's so hard to purposefully get infected haha. Almost makes me wonder how people actually get infected in the first place (especially with a default-deny mechanism in place).
Step by Step:

1. Remove Adobe Reader 9.3.0, Install Adobe Acrobat Reader 8.1.0 (Also install JRE6U16 to be sure)

2. Go to http://www.malwaredomainlist.com/mdl.php

3. Visit some sites listed there with Firefox & all plugins enabled

4. Enjoy being infected :)
 #2324  by ssj100
 Wed Aug 25, 2010 11:56 pm
Radovan wrote:
ssj100 wrote: Didn't seem to work with version 9.3.0 (this version is at least several months old). Wonder why it's so hard to purposefully get infected haha. Almost makes me wonder how people actually get infected in the first place (especially with a default-deny mechanism in place).
Step by Step:

1. Remove Adobe Reader 9.3.0, Install Adobe Acrobat Reader 8.1.0 (Also install JRE6U16 to be sure)

2. Go to http://www.malwaredomainlist.com/mdl.php

3. Visit some sites listed there with Firefox & all plugins enabled

4. Enjoy being infected :)
Thanks, but something more specific would be nice, e.g. which exact site to visit and what the expected malicious behaviour is. I want to be able to reproduce the malware behaviour reliably.