spainach_12
« Reply #15 on: May 02, 2012, 07:39:22 PM »
kail is correct in saying there are far too many unknowns. For starters, what are the security constants of the XP system? Oh, and soft-disconnection of the XP system (that is, to disconnect via the network manager only) does not prevent malware from going out, trust me on that one. It happened here. And I agree with kail that using wireless exposes others to threats. If it happened here, I don't see why it shouldn't happen to others.
Formatting does not eliminate all malware. Some of them still manage to reside in the MBR or, if you're using the XP installer to format, escape deletion somehow (not sure how this was possible, but active remnants of sixteen malware remained after a complete format).
My advice is to run Linux with LXDE environment (for minimal system resources), install a VM if it works then run the testing there. Avoid any other browser but IE and force it in a sandbox before testing. That should pretty much minimize the damage.
Having one system turned off prevents infection from spreading, but if it were using wireless, the infected system exposes other systems to threats.
I'd like to share how I used to do my testing (I no longer do tests). See if you can get anything from it:
What I need:
Bootable Linux USB
GParted
Hiren's BootCD
1 Linux
Dual-boot XPs: one with FAT32 and another with NTFS. I'll refer to them as XP1 and XP2.

XP1 has a FAT32 file system, Sandboxie, whatever suite I'll be testing, ProcessHacker, and Unlocker.
XP2 has an NTFS file system with custom file permissions for particular folders, LUA+EMET+Wondershare Time Freeze 2, Easy File Locker, Unlocker, Sandboxie+BSA, and my preferred security setup.
1. Before running tests, make sure that the AV (I'm assuming you're testing a suite or an AV) is already updated.
2. Download the samples via Linux and archive them to keep them from running. Copy them to the XP system.
3. In the XP system, I have Sandboxie installed and force IE to be sandboxed whenever it is run.
4. Final updates before extraction. Turn off the wireless router.
5. Extract and run EACH malware in an isolated folder (I mean to say in a folder of its own). This is strenuous and time-consuming, but it allows you to identify which went undetected. This will be helpful in tracking it down later.
6. List down detected and undetected malware. Undetected malware are copied from the Linux build and analyzed via ThreatExpert/Sandboxie+BSA (if upload fails). Behavior is analyzed and logged in a text file. Copy the text file to the bootable USB.
7. Boot from the Linux USB and manually remove remnants. (Do this while still possible. You don't want errors while formatting. Too time-consuming and wears out your patience and hard drive.)
8. Reboot to confirm activity. If no activity is traced, proceed to formatting and reinstallation.
I had no trouble with this setup before.
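As an added example (not code from this post or from any tool it names) of automating the bookkeeping behind steps 2, 5 and 6, this Python script stages each sample in its own folder named by its SHA-256 hash, writes a manifest, and reads an AV log back to list which samples were never flagged; the log format and the C:\lab path are assumptions.

```python
"""Stage samples one-per-folder and reconcile them against an AV log.
Added example, not code from the original post; assumes the AV log names
the path of each file it flagged."""
import hashlib
import shutil
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def stage_samples(src_dir: Path, dest_dir: Path) -> dict:
    """Copy each file in src_dir into its own folder under dest_dir.
    Folder = SHA-256 of the sample; file renamed <name>.bin so a stray
    double-click does not launch it. Returns {sha256: original name}."""
    manifest = {}
    dest_dir.mkdir(parents=True, exist_ok=True)
    for sample in sorted(p for p in src_dir.iterdir() if p.is_file()):
        digest = sha256_of(sample)
        folder = dest_dir / digest
        folder.mkdir(parents=True, exist_ok=True)
        shutil.copy2(sample, folder / (sample.name + ".bin"))
        manifest[digest] = sample.name
    (dest_dir / "manifest.txt").write_text(
        "".join(f"{d}  {n}\n" for d, n in manifest.items()))
    return manifest

def undetected(manifest: dict, av_log: str) -> dict:
    """Samples whose hash-named folder never appears in the AV log."""
    return {d: n for d, n in manifest.items() if d not in av_log}

def demo() -> dict:
    """Run the flow on two constructed samples; return the undetected ones."""
    with tempfile.TemporaryDirectory() as tmp:
        src, lab = Path(tmp, "dl"), Path(tmp, "lab")
        src.mkdir()
        (src / "a.exe").write_bytes(b"MZ constructed sample A")
        (src / "b.exe").write_bytes(b"MZ constructed sample B")
        manifest = stage_samples(src, lab)
        hit = next(d for d, n in manifest.items() if n == "a.exe")
        # Constructed log line: the folder name carries the sample's hash
        av_log = f"Trojan.Generic in C:\\lab\\{hit}\\a.exe.bin\n"
        return undetected(manifest, av_log)
```

Because every sample runs from a folder named after its own hash, any detection line that mentions that path attributes the hit to the right sample even when the AV renames or quarantines the file.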