Help me get infected!

I work for a computer repair shop and I see virus/spyware infections all the time. What I'm trying to do it set up a OS in a virtual machine, and when we go to hire a new technician have them remove the infections on said machine and see how they go about it.

Only problem is... I can't seem to get infected! I've tried the basics that I can think of... porn site, warez sites, clicking through stuff in my spam folder. I got nada (other then boring mywebsearch).

Can someone either point me in the right direction or send me a link to something that will get me one (or 12) of those fake antivirus/trojans? That new one "Windows XP Recovery / Restore" would be amazing.

Thanks guys for any help you can provide!

 

what i've tried before is going through my hosts file, after spybot search and destroy customizes it, and typing in the URLs into a virtualbox machine. Some of those sites were still alive and kicking, most weren't though. I didn't get any major infection though, but i also didn't go through every single host edit url either.

I may try it again in a bit, i'm kind of in the same boat as you except i'm not an employer

 

If someone DOES have a link, would it be OK to PM it to me? I can't believe how easily and often my customer get infected, yet while I'm TRYING to I can't. Kinda sad I think.

 

lol i think the same way

 

Tim, i've wondered, how come spywareblaster doesn't edit the hosts file, but spybot's immunization will? what techniques does spywareblaster use? where are these customizations being applied to, if not hosts. the SOFTWARE SECURITY files?

 

Thanks for the tips, unfortunately I'm well aware what people do that get them infected.... I just need to figure out WHERE they are doing it. Alas I may just go dig through my spam folder and click away

 

I PM'd a friend, he got a nasty IIS MBR frier and worse Apache killer. His site would have died. If he offers that then I'll send it to you if you wish. It all depends on the forum rules here which I won't break.

 

Yes please!

 

Please keep us updated!:-D What is the minimum deecent memory for a Windows7 VB? Can you do them ok on 2 gigs?

 

It will be slow but usable.

As to the keygen, the admin wisely got rid of it. Why keep that on one's server eh?:-D Once burnt, then you'll never burn me again!roflmao

 

can you send it to me as well?

 

Gawd, these 'infect me please' threads always give me migraines for some obscure reason.:confusedrolleyes:-D Go 'click happy too'.

 

Spycar.org will test your antivirus or antisyware against a series of tests.

 

Greetings, BlackZ2401.

One quick test for any potential technician would be to see if she/he can pass the "File .EXT" test: simply write a shutdown.exe batch file and rename the file to something else, such as .MP3 or .JPG. When the file is opened, the machine shuts down, simulating virus-like activity.

 

Nope, not gonna touch spycar, too involved.

 

Hello,
I received permission from an admin to post the following site. It lists many blocked malware domains.

A word of WARNING

You click this site at your own risk!!!

It is being posted only for this the purposes of this thread and for the OP.

Code:

http://www.malwaredomains.com/

 

also, change the host table. Have the host table point google.com, yahoo.com, msn.com, bing.com to a random site that you choose.

Not getting their answers can be a laugh. heh.

I know of a few other things that can mess with ppl.

 

When the malware removal forum explodes, we'll know why. :-D

 

I don't think that will happen here any time soon. :-D

 

lol thanks

 

Well... I could've chosen different words. I meant that when the malware forum's ACTIVITY explodes from its current flow rate, we'll know why.

 

I hope I never see the Activity day. Soundsa likea pasta disha k?:cry:-D

 

As a tech myself, I too have been looking for a known infectious site. Since I never found one, I ended up storing some known rogue EXE files on a flash drive. I booted to a PECD, located the rogue files, and copied 'em to a flash drive before deleting 'em from the hard drive. I now have a flash drive with about 50 different rogue/infectious EXE files. All I have to do is copy 'em to the SYSTEM32 folder, or the %username%\Local Settings\Application Data folder, or the %username%\AppData\Local (or Roaming) folder and then double click 'em to get them to fully install and hijack the PC.... yeah it sucks, but sometimes it MUST be done....

 

I just went to the site mentioned in post #24 above - EXCELLENT list of bad sites! I have bookmarked it and will be adding their lists to my hosts file.... kind of off topic, but does SpywareBlaster use these lists? I know SpywareBlaster does NOT use the hosts file, so I'm kind of wondering how SpywareBlaster goes about blocking sites.... but I guess that's for a new, different thread.

 

I think i've recalled seeing Spywareblaster using what appears to be a couple of the config files, like SOFTWARE SECURITY, but that's just an observation. i've checked their forums in the past and came up empty. would like to understand how that program works.

 

http://www.bleepingcomputer.com/forums/topic92857.html

Cheers..

 

Isnt there a way to, look up 'how to write viruses', and you go into these sites and get infected? Or was it hacking sites? maybe google scriptkiddies?

 

roflmao Good ideas man! This thread feels more and more like a link hunter looking for some fodder.

 

Definitely look into getting Yahoo chat booter progz, hotmail hacking progz, etc.

Also, find pr0n sites that want to install a special codec to view their naughty videos.

 

A friend of mine got infected by downloading a "movie" from an very public torrent site (I think it was PirateBay). The movie was something that hadn't hit the theatre yet, but this download was supposed a BluRay rip of a brand new movie. Upon trying to play it, he got this message saying "click this link to install 'ultra-groovey media player' to watch this excellent rip from 'goofy-pirate-group'". So he clicked the link, and BAM!!! He immediately had 3 different "antivirus and system repair programs" reporting that he a bazillion infected files, registry problems, the hard drive had "critical errors", and all he had to do to fix everything was to submit a credit card number and accept the $69 fee and the PC would be "fixed". Luckily, he called me before "purchasing" the "software" and read to me exactly what was on-screen. I said "STOP!! DO NOT TYPE ANYTHING! DO NOT CLICK ANYTHING! TURN OFF THE PC!". 4 hours later, I had de-virused the PC..... uhhhh.... where was I going with this? Oh yeah- torrent sites can be a good source of rogue-ecs (like "codecs" but they're rogue) and malware in general...

BE CAREFUL!!!

 

Yup dlb, social engineering at it's best!:mad Shouldn't people be smarter than this?:confused Then again, people pay for roofing jobs that never happen. *sigh*