Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Buying Web Malware Samples
From: Cal Leeming <cal () foxwhisper co uk>
Date: Wed, 9 Mar 2011 20:20:54 +0000

Oh, just a side note, there is probably some term somewhere in the TCs/AUP
of the anti virus you are using, that states you will be sued by over 9000
lawyers if you do this. I'd strongly recommend seeking legal advice before
hand lol.

On Wed, Mar 9, 2011 at 8:15 PM, Cal Leeming <cal () foxwhisper co uk> wrote:

It sounds like you are looking for drive by kit samples.

Why not just write your own crawler? Find an AV (which has drive by kit
detection and passive scanning), check to see how many requests you can send
to it per minute, then pipe in a shit load of random URLs based on crawled
links from ads (ads links are the most common for having drive by kits), see
which requests were blocked, and queue them for mirroring later.

Some AVs will do drive by kit detection without needing to call a remote
API, which would be quite nice.

Obviously, the AVs aren't going to give you a nice API which you can call
directly, so there would be some tinkering and possibly memory injection
involved.

This approach isn't exactly going to have a high hit rate, and you will
still need to de-obfuscate / decompile and analyse any malware you find, but
it'd be a giggle either way.

There's probably a better way of doing it, but this would certainly be fun
to make :D

On Wed, Mar 9, 2011 at 7:56 PM, John Harwold <johnharwold () gmail com>wrote:

0. ) I need that malware for research stuff.

1. ) There is no way for me to prove that I'm speaking truth.

2. ) What's wrong with gmail address?

3. )  500$ offer is still active.


Sincerely,
J.H.



On Wed, Mar 9, 2011 at 8:23 PM, Cal Leeming <cal () foxwhisper co uk> wrote:

Actually, just out of curiosity, why do you need to purchase malware
samples?

On Wed, Mar 9, 2011 at 7:19 PM, Cal Leeming <cal () foxwhisper co uk>wrote:

1) You are requesting this from a gmail address. Not a good look.

2) You aren't representing yourself as a company entity, which indicates
you might want this malware for malicious purposes.

3) Looks like you're trying to bullshit tbh.

Just my two cents.

On Wed, Mar 9, 2011 at 6:34 PM, John Harwold <johnharwold () gmail com>wrote:

I need (JS/PDF/HTML/Exploit) malware samples, and I'm not a cheater.
If I say that I'll pay 500$ for best submission, I'll pay 500$ for it.

I won't pay before I see the stuff.
I don't want to pay 500$ for big zip file with garbage in it.

Best submission will be rewarded with 500$. That's it.
If you have what I need, and you are not satisfied with this
arrangement, find a way in which we'll both be satisfied...
give me access to place where I can inspect them or something like
that.

Sincerely,
J.H.


On Wed, Mar 9, 2011 at 7:21 PM, McGhee, Eddie <Eddie.McGhee () ncr com>wrote:

 Yes lets all send out malware samples and *hope* you actually pay
the best submission, tell you what send me the $500 and ill send you a
pretty comprehensive tar full of samples.


 ------------------------------
*From:* full-disclosure-bounces () lists grok org uk [mailto:
full-disclosure-bounces () lists grok org uk] *On Behalf Of *John
Harwold
*Sent:* 09 March 2011 16:35
*To:* full-disclosure () lists grok org uk
*Subject:* [Full-disclosure] Buying Web Malware Samples

Hi folks,

I'm buying web malware samples... obfuscated malicious javascript, web
exploit kits, pdf malware, browser/activex exploits, etc.
I'm not interested in executable (PE/ELF) malware.
Contact me on email with download URL, or send ZIP/TAR/RAR malware
archive directly to my email (with changed archive extension to .MAL because
of gmail filtering).

After two weeks, contributions will be revisited and person with
largest collection of real web malware will receive prize of 500$.

Bye,
J.H.




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/






_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault