Virus Samples

I am doing a magazine article on virus scanners, and I would like to test them with a lot of samples. I already have the infrastructure for scanning in place, but I only have ~16 samples. Where can I get some more?
mnb93 Asked:

war1 Commented:
Greetings, mnb93 !

Here are some harmless viruses for testing your antivirus protection:
http://www.webmail.us/testvirus

Best wishes!
0
freshprince27 Commented:
Here are some additional versions of the virus sample, EICAR: http://www.thepcmanwebsite.com/virus_test.shtml. They have the original version of the virus sample, a text version, a zip version, and a double zipped (very hard to detect). Best of luck.
0
mnb93 (Author) Commented:
Though to my knowledge EICAR is only a test spec. They put chars (and some whitespace) at the start. I need some real samples, ones that do damage. I have 3000 now; however, I would like more. I am a Security Expert, thus will be handling these samples on a red machine.
0

Rartemass (Life Coach) Commented:
You can try visiting some dodgy websites. I know that www.crackz.ws installs tons of viruses if you go there in IE.
0

yurisk Commented:
This one is the most known and has the biggest collection of viruses, mostly old, and all are (at least should be) easily identifiable by modern antiviruses. This would be enough to test to compare various products. You can check those products for how many viruses they can handle simultaneously, user interaction in disinfection, and anything else you want to test to write an article.
http://vx.netlux.org/

EICAR isn't a virus at all, of course; the only thing it can check is whether the antivirus is loaded and running. When you try to access this EICAR, any running AV should fire an alarm. www.eicar.org

PS I wouldn't be surprised if the thread got deleted - the topic of viruses is always a sensitive issue.

0
mnb93 (Author) Commented:
Yeah, but I don't see how me getting binaries of a virus means much... Though I could decompile it, but anyone who knows how to do that is smart enough to build one.
0
yurisk Commented:
Well, then go ahead and tell us what you DO want (you don't want viruses in binary, but have collected so far "3000 now" in, of course, binary form. Neither it seems you want them in source code, the site I cited has them as well), telling what the end goal of search for viruses is would certainly help.

"Red machine"? ... Hm, have never heard of such thing before.
0
mnb93 (Author) Commented:
"Red Machine" === My term for a redundant machine, that is only used for "evil stuff".
"what you DO want" Sorry if I confused anyone, I was meaning that I would like binaries, I do not really care that much about source code... (vbs doesn't count :))
End Goal, testing many AV solutions for a mag review.
0
Tim Holman Commented:
www.metasploit.com, tcpreplay, and get hold of live pcaps of viruses by sticking a Windows XP machine running as much as possible (ie all services enabled!) directly onto the Internet, run Ethereal, and start pulling off pcaps of viruses that are actually out there, and relevant.
Why bother testing scanners with old viruses?  It's the ones that are out there NOW that matter...  :)
0
yurisk Commented:
Starting from the end - have a look at available antivirus related articles on the Internet, you won't find anyone trying to inundate test PCs with thousands and thousands of viruses to say something like - "Hey, I've tested Alpha AV and it missed 12345 viruses, but Beta AV missed 1234567 viruses, so Alpha rocks, Beta sucks". Because it has been a decades-long topic of heated discussions - "How to reliably test AVs, and compare between them" and as of now it ended up in nothing. IBM, Intel etc. tried to participate in this but eventually gave up. So, there's no point to try and gather as many as possible viruses for this purpose.

PS Don't try what tim_holman wrote at home, he must have been joking ;). Maximum you can get this way is either being hacked or being infected with a worm that will inevitably flood your Internet connection with itself and your PC'll become a source of contamination with all due consequences. Not to mention tcpreplay is available on Linux only.

PS1 Suggestion. If you still want to write a comparative AV related article, concentrate on user experience with different vendors. E.g. how much does it take to scan the same 120 Gb disk with different AVs? How responsive the system during scanning is? How helpful messages generated by AV for the user are? Does it scan inside archived files (rar, zip, ...)? Does it integrate with e-mail client? etc.
0
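
Added example (not part of any post in this thread): freshprince27 mentions plain, zipped and double-zipped EICAR files, and yurisk suggests checking whether a scanner looks inside archives. The Python code below builds that set in memory from the standard 68-byte EICAR test string and peels the layers back off to confirm what a scanner would have to unpack; the file names, the `max_depth` parameter and the unwrap limit are assumptions chosen for illustration.

```python
import hashlib
import io
import zipfile

# The 68-byte EICAR standard anti-virus test string (harmless by design),
# split across two literals so this source file is not itself flagged.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + rb"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def wrap_in_zip(payload: bytes, member_name: str) -> bytes:
    """Return a ZIP archive (as bytes) holding a single member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()


def build_test_set(max_depth: int = 2) -> dict:
    """Map file name -> bytes: depth 0 is the plain file, then nested ZIPs."""
    files = {"eicar.com": EICAR}
    payload, name = EICAR, "eicar.com"
    for depth in range(1, max_depth + 1):
        payload = wrap_in_zip(payload, name)   # wrap the previous layer
        name = f"eicar_zip{depth}.zip"         # hypothetical naming scheme
        files[name] = payload
    return files


def unwrap(data: bytes, limit: int = 8) -> tuple:
    """Peel single-member ZIP layers; return (innermost bytes, layers peeled).

    The limit bounds recursion, as an archive-aware scanner must do too.
    """
    layers = 0
    while layers < limit and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if len(names) != 1:
                break
            data = zf.read(names[0])
        layers += 1
    return data, layers


if __name__ == "__main__":
    for fname, blob in build_test_set().items():
        inner, layers = unwrap(blob)
        print(fname, len(blob), layers, hashlib.sha256(inner).hexdigest()[:16])
```

Writing each entry of `build_test_set()` to a scratch directory on the test machine shows at which nesting depth a given scanner stops detecting the string.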