Virus Samples

I am doing a magazine article on virus scanners, and I would like to test them with a lot of samples. I already have the infrastructure for scanning in place, but I only have ~16 samples. Where can I get some more?
3 Solutions
Greetings, mnb93 !

Here are some harmless viruses for testing your antivirus protection

Best wishes!
Here are some additional versions of the virus sample, EICAR http://www.thepcmanwebsite.com/virus_test.shtml. They have the original version of the virus sample, a text version, a zip version, and a double zipped (very hard to detect). Best of luck.
mnb93 (Author) Commented:
Though to my knowledge EICAR is only a test spec. They put chars (and some whitespace) at the start. I need some real samples. Ones that do damage, I have 3000 now, however I would like more. I am a Security Expert, thus will be handling these samples on a red machine.

Rartemass (Author, martial arts coach, IT Consultant) Commented:
You can try visiting some dodgy websites. I know that www.crackz.ws installs tons of viruses if you go there in IE
This one is the most known and has the biggest collection of viruses, mostly old and all are (at least should be) easily identifiable by modern antiviruses. This would be enough to test to compare various products. You can check those products for how many viruses they can handle simultaneously, user interaction in disinfection, and anything else you want to test to write an article.

EICAR isn't a virus at all, of course, the only thing it can check is whether the antivirus is loaded and running. When you try to access this EICAR any running AV should fire an alarm. www.eicar.org

PS I wouldn't be surprised if the thread got deleted - topic of viruses is always a sensitive issue.

mnb93 (Author) Commented:
Yeah, but I don't see how me getting binaries of a virus means much... Though I could decompile it, but anyone who knows how to do that, is smart enough to build one.
Well, then go ahead and tell us what you DO want (you don't want viruses in binary, but have collected so far "3000 now" in, of course, binary form. Neither it seems you want them in source code, the site I cited has them as well), telling what the end goal of search for viruses is would certainly help.

"Red machine"? ... hm, have never heard of such thing before.
mnb93 (Author) Commented:
"Red Machine" === My term for a redundant machine, that is only used for "evil stuff".
"what you DO want" Sorry if I confused anyone, I was meaning that I would like binaries, I do not really care that much about source code... (vbs doesn't count :))
End Goal, testing many AV solutions for a mag review.
Tim Holman Commented:
www.metasploit.com, tcpreplay, and get hold of live pcaps of viruses by sticking a Windows XP machine running as much as possible (ie all services enabled!) directly onto the Internet, run Ethereal, and start pulling off pcaps of viruses that are actually out there, and relevant.
Why bother testing scanners with old viruses? It's the ones that are out there NOW that matter... :)
Starting from the end - have a look at available antivirus related articles on the Internet, you won't find anyone trying to inundate test PCs with thousands and thousands viruses to say something like - "Hey, I've tested Alpha AV and it missed 12345 viruses, but Beta AV missed 1234567 viruses, so Alpha rocks, Beta sucks". Because it has been a decades-long topic of heated discussions - "How to reliably test AVs, and compare between them" and as of now it ended up in nothing. IBM, Intel etc. tried to participate in this but eventually gave up. So, there's no point to try and gather as many as possible viruses for this purpose.

PS Don't try what tim_holman wrote at home, he must have been joking ;). Maximum you can get this way is either being hacked or being infected with worm that will inevitably flood your Internet connection with itself and your PC'll become a source of contamination with all due consequences. Not to mention tcpreplay is available on Linux only.

PS1 Suggestion. If you still want to write comparative AV related article, concentrate on user experience with different vendors. E.g. how much does it take to scan the same 120 Gb disk with different AVs? How responsive the system during scanning is? How helpful messages generated by AV for the user are? Does it scan inside archived files (rar, zip, ...)? Does it integrate with e-mail client? etc., ...
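
An added example, not part of the thread: one way to check the "does it scan inside archived files" question above using the plain, zipped and double-zipped EICAR variants mentioned earlier. The function and file names (`nest`, `found_at_depth`, `write_corpus`, `missed_depths`, `eicar_depth*.zip`) are hypothetical, and it assumes the scanner under test deletes, quarantines or locks what it detects.

```python
import io
import zipfile
from pathlib import Path

# Standard 68-byte EICAR test string (harmless), split in two so that this
# source file is not itself flagged by an on-access scanner.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-"
         r"STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")

def nest(payload, depth, name="eicar.com"):
    """Wrap payload in `depth` zip layers (0 = bare file, 2 = double zipped)."""
    for level in range(depth):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, payload)
        payload, name = buf.getvalue(), f"layer{level + 1}.zip"
    return payload

def found_at_depth(blob, max_depth=5, depth=0):
    """Archive depth at which the test string is found, or None.
    max_depth bounds the recursion, as a real scanner's archive limit does."""
    if blob.startswith(EICAR):
        return depth
    if depth >= max_depth or not zipfile.is_zipfile(io.BytesIO(blob)):
        return None
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            hit = found_at_depth(zf.read(info), max_depth, depth + 1)
            if hit is not None:
                return hit
    return None

def write_corpus(directory, depths=(0, 1, 2)):
    """Write one test file per nesting depth; returns {depth: path}."""
    corpus = {}
    for d in depths:
        path = Path(directory) / f"eicar_depth{d}{'.zip' if d else '.com'}"
        path.write_bytes(nest(EICAR, d))
        corpus[d] = path
    return corpus

def missed_depths(corpus):
    """Depths whose file is still intact after the scan, i.e. not detected."""
    missed = []
    for d, path in corpus.items():
        try:
            if found_at_depth(path.read_bytes()) == d:
                missed.append(d)
        except OSError:
            pass  # deleted, quarantined or locked by the scanner
    return missed
```

Call `write_corpus` on an empty directory, let the product under test scan it, then call `missed_depths` on the returned mapping to see which nesting levels it did not catch.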
