How to properly test malware

Hello,

Here's an idea I have stated already in one of my other posts, now elaborated in detail. If anyone wishes to follow this through, they are more than welcome.

How can one really ascertain the effectiveness of an anti-X program?

Three setup machines, identical hardware + software, three different users. The machines should include relatively simple and standard setups, like Windows with updates from the last month, but not the latest ones, a two-way firewall, but nothing too complicated etc.

User 1 - total noob, user 2 - somewhat experienced, in the know, user 3 - very experienced

For a period of two weeks, three hours daily, the three guinea piglets will enjoy the Internet in the following manner:

- They will follow about a 100 links in a variety of browsers and email clients, some of which will link to real malware sites, but also benign and test sites.
- They will be required to download at least 10 programs on their own and install them, using their own skill to find the downloads and properly configure them, including tricky ones like codecs, java, flash, screensavers.
- They will have to use email, send and receive emails and interact with attachments and links.
- They will have to P2P.
- They will need to IM and chat and follow links.
- They will have to download a crack for some program.
- They will do some of their regular stuff.

All machines will be hooked up with registry, file, disk, and network analyzers.
Image snapshots before and after the experiment will be compared.
System errors and failures during the usage and such will be logged.
The user will be interviewed regarding their experience with the program daily.

I know this takes a huge amount of resources, but I don't see any other way of testing a gun that does not include real combat.

Any takers?

Mrk

 

What do you hope to achieve with this? Why not replicate some Virtual machines and pretend you're 3 different people.

 

Hello,
I do not hope to achieve this. I hope someone with resources will try. Pretend to be three people? It's hard being borderline demented as I am, pretending to be three will really push me over to the happy side.
Mrk

 

It's really, really, really hard to pretend that you're three different people.

Dave.

 

Hello,
Mike? Dave? I'm confused.
Mrk

 

No need to be confused Mrk - that's just how Kevin sometimes is

 

Super Response!

 

Hehe

It's not hard to be 3 people. All you players out there know what I'm talking about.

So about the topic at hand, I'd like to get a sample of a new trojan and test it out. The link to the story is here:
http://www.pcworld.com/article/id,134206-pg,1/article.html
But I've not been able to locate a sample. After getting the critter, I will be 3 different people and submitt the results.

 

1
2
3
4. Compromised Baseline Honeypot



(assuming 4 doesn't equal 1)

 

Long time no see, Czar.
Welcome back!
Mrk