It’s fun to experiment with Malware from within a virtual machine. The only problem is getting the samples. You have to go to the MalwareDomainList, Malc0de Database, and CleanMX. Most of the PHP redirection malware don’t work and it’s a pain to get non-duplicate samples. I have found this nice way of obtaining hundreds of Zero-Day malware within less than an hour.
Download and install a copy of Backtrack 5 Linux
Install Python magic (apt-get update && apt-get install python-magic)
Download the MWCRAWLER script (
https://github.com/ricardo-dias/mwcrawler/) Right click the script, click properties, and under permissions check “Allow Executing File as Program”
Simply double click the script and it will download the samples to /opt/malware/unsorted/
Just rename the files under “PE32” to “.exe” (Use the Bulk Rename Utility)
Bulk Rename Utility - Free File Renaming Software
If any of you have enjoyed this or have a better way of obtaining samples please write below.
Pretty cool 8)
BackTrack 5 is a powerful tool and well worth the time learning Linux commands
Thanks for this post :-TU
As always be very careful when dealing with malware even in a vm:
You can never be absolutely sure about this…
Malware that can escape a VM is rare, but it does exist. I always tell people that they should only test malware on a machine they do not care about, because there is
always a risk! So use a machine that you don’t have problems wiping it if it becomes infected, or you have backups of the machine.
There is no way to completely isolate the VM from the host machine if you require networking, since the networking adapter provides a link between the two. NAT would be the safest mode to use.
You’ll also want to disable any file sharing between the VM and the host.
And this is likely obvious, but I feel I have to state it. Disconnect your host machine from your LAN so if it happens to become infected, it will not be able to spread to other machines on your network.
I see you are very prepared. My warning is for the less experienced users to be very careful when starting to play around with this.