Security Basics mailing list archives

Re: Collecting Malware


From: Aarón Mizrachi <unmanarc () gmail com>
Date: Thu, 16 Jul 2009 19:44:19 -0430

On Thursday 16 July 2009 07:44:01 Brian Pohlman wrote:
I'm looking to get "spammed" or "attacked" so to speak for the purpose
of collecting malware for analysis. I've set up a few vulnerable
machines on my network, made some changes to my router to expose those
machines. I've also signed up for various email addresses in hopes
that something comes (malicious attachments) through that way. My
question is, what is the best way to collect malware, if there is even
one solid method?

Well, you can use a honeypot/honeynet project (already suggested).
Another option is to download it from the web: http://vx.netlux.org/vl.php

You can also do it your way, using physical or virtual machines, but be careful.
Virus/malware experimentation could be illegal in some states/countries; even
for study/research purposes, having virus stuff could be illegal.

Also be careful to restrict the outgoing traffic with firewall rules. You could be
banned by your ISP if your stuff is trying to propagate outside your walls.

---------------

I also suggest having multiple IP addresses with different providers. It
depends on the spread method used by the malware, but having more IPs is a
good way to speed up the collection.

Also, you can collect it from the "quarantine basket" of antivirus-protected
computers. Usually, the best place to find a lot of viruses is a cyber café.
You can talk with a cyber café administrator to collect the malware. (Well, it
depends on your country; in mine it is a popular internet access method.)

----------------

Despite some people who think that having this stuff is a serious offense, I think
that our job is to protect the network, but if we don't know the enemy, how
can you protect the net? Being blind is not so useful when you are planning a
strategy against some threat.


-- 
Ing. Aaron G. Mizrachi P.    

http://www.unmanarc.com
Mobil 1: + 58 416-6143543
Mobil 2: + 58 424-2412503
BBPIN: 0x 247066C1

Attachment: signature.asc
Description: This is a digitally signed message part.