
How?


Comprev


What about a thread where malware hunters and rogue reporters could share information and resources? Both to help each other improve and (maybe) to recruit new hunters? Probably not here in the open though, but in the Honorary Members section.

What do you think?

I second that motion, L00N3R. I thought you guys had a private room of your own; guess not :D

I agree, Haider. Only get involved if you're really sincere about joining the cause. Great caution must be exercised when harvesting a live malware sample; one slight mistake and you're in for a real nightmare and a lot of headaches.


Being well prepared is the key to collecting. Often attempting to gain samples will result in infections if you are not properly prepared. :D

Tools to use:

1. Virtual machine (VirtualBox, Virtual PC or VMware).

2. Sandboxie or a similar program to secure your browser and test files.

3. Returnil or another virtualization tool to remove changes easily.

4. A Linux OS such as Ubuntu set up on a dual-boot system (switching between them at computer startup).


I don't think you can google "Gimme a rogue, I need to figure out what its files are :) "

I do not mean to sound taunting but honestly, it is surprising how much malware Google can lead unsuspecting victims to. If you have looked at the last couple dozen of my posts, most of those samples were collected as a result of searching on Google.


I do not mean to sound taunting but honestly, it is surprising how much malware Google can lead unsuspecting victims to. If you have looked at the last couple dozen of my posts, most of those samples were collected as a result of searching on Google.

I agree. Google results tend to lead into the abyss. Who knows what you'll find. :)


I agree. Google results tend to lead into the abyss. Who knows what you'll find. :)

Well, now I think you are making Google seem worse than it is. Most Google search results are benign. However, there are patterns in the search results, and there are many compromised websites that lead to rogues and exploits if the referrer is Google. Google does a moderately good job of marking these malicious websites as harmful. I think they could do a better job, in my opinion.


Well, now I think you are making Google seem worse than it is. Most Google search results are benign. However, there are patterns in the search results, and there are many compromised websites that lead to rogues and exploits if the referrer is Google. Google does a moderately good job of marking these malicious websites as harmful. I think they could do a better job, in my opinion.

Possibly, yes. But Google sometimes does have complete garbage sites at the top of the list. They do often have good sites, but it really depends on what you search for, which could result in getting infected if you're not careful (paid sites on the right/top often concern me).


Start doing anything on the Internet that some major group considers immoral (porn, trying to get free copyrighted music, etc) and you'll find some malware eventually.

There are actually "tricks of the trade" that I'm not allowed to disclose (I don't know most of them, so that helps with the not-disclosing thing) that make it easier, although there's never any guarantee that you will find something.

Also, there's a ton of e-mails floating around with viruses in them (such as those fake UPS/DHL shipment notification e-mails with the virusy attachment). Fortunately, the more people who are looking for malicious stuff, the more we have to analyze. Just be careful, don't run as admin while doing it, use a virtual machine when available, or Linux/MacOS if you have one of them available, use third party browsers (Opera, Firefox, SRWare Iron, Chrome, etc) to minimize the risk of browser exploits, and always make sure that you do not run the virus unless you are prepared to clean up a mess.

Also, before submitting viruses to everyone, make sure to scan them with the anti-virus software from each vendor you intend on sending the sample to. While you will currently have to do this manually with Malwarebytes' Anti-Malware, note that websites like VirusTotal, VirSCAN, and Jotti's malware scan will scan the file for you with a number of different anti-virus products from a number of different vendors.
