Malware Collections

Discussion in 'malware problems & news' started by whitedragon551, May 15, 2010.

Thread Status:
Not open for further replies.
  1. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,188
    Location:
    USA
    Im testing Sunbelt VIPREs detection rate. Ive found one archive of 6500 samples from 2008 and before and so far its not so good. All the files are 100% virus/malware and there is 0% chance of a false positive so what ever isnt detected will be submitted to them.

    With default settings out of 6,345 files, VIPRE detected 3385 samples, leaving behind 2,960 infections. Total detection rate so far is 46.65%.
     
  2. guest

    guest Guest

    Probably from SSupdater
    There is too many dead malware on this file.
    All anti-malware vendors has this file, many user submitted it many times.
    Maybe i am wrong, but i remember SSupdater posts, "do it yourself"...
     
  3. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,188
    Location:
    USA
    So SSUpdater is a site?

    I dont care if the files are detected or not. Im looking for large collections of 5,000+ that I can scan against and test the detection rate of VIPRE. What ever it doesnt detect Ill submit to Sunbelt.
     
  4. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,588
    Location:
    Mumbai

    Yeah many are dead I also tested their samples against many AV and not every files was detected despite being so old.
     
  5. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,188
    Location:
    USA
    What is he talking about? I dont understand. o_O
     
  6. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,588
    Location:
    Mumbai
    What didn't you understand:)
     
  7. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,188
    Location:
    USA
    This. Is SSUpdater a website with a collection database I can download?
     
  8. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    They have some DIY malware collections for people to test their AV's :rolleyes:
     
  9. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,588
    Location:
    Mumbai

    You can download those malware samples if you want just sign in their forums:)

    NOTE: They have outdated samples so possible you may search from MDL for your testing:)
     
  10. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,188
    Location:
    USA
    Whats MDL? Can you PM me a link? I know we arent supposed to post the links in the forums. They dont have collections at MDL and its forbidden in the rules to ask for collections.

    Wow thanks. Now where do I find them. Google isnt helping.
     
    Last edited: May 16, 2010
  11. Buster_BSA

    Buster_BSA Registered Member

    Joined:
    Nov 29, 2009
    Posts:
    560
    Nowadays the problem with malware collections is they take a lot of space so it´s a problem finding a place to host them and also it´s a problem the required time to upload.

    A collection with just a few samples (around 5000) can take easily over 1 GB.
     
  12. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,588
    Location:
    Mumbai
    Just write SSupdater and you will find it:)
     
  13. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    MDL is great, but I have not automated tools to collect samples from there. It takes a lot of effort to grab every sample from there. :p
     
  14. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    ~~ post moderated - inappropriate request removed ~~
     
    Last edited by a moderator: May 16, 2010
  15. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    I have 5995 Unique samples (Some Bit Old) and it takes about 350 MB...I haven't added my March, April and Latest May samples in it...:)

    All these malwares are renamed by me according to their MD5...:)
     
  16. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    Perhaps we should open up our own site with collected malware samples for testing purposes only. :p
     
  17. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    By the way how you guys keep your samples safe?

    I keep them safe by using the trailing steps:-

    1. At first i change their name with their MD5 and convert them into non-executable format.
    2. After that, i put all of them into RAR file with Password Protection.
    3. After putting them into RAR file, i change the RAR file extension to .RA_
    4. After changing the extension, i again put them into another RAR folder with Different Password.
    5. And if necessary i put it into ISO file, and burn into CD or DVD.

    Please share your steps....It will be helpful for all of us..:D
     
  18. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    That would be an excellent "IDEA" :D

    An IDEA can change your LIFE !!
     
  19. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    I'm a tad bit more rock 'n roll when it comes to storing malware samples. I just archive them in .rar with a secure password. :)
     
  20. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    Oh man !! You are really daring person ....
     
  21. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    You bet! :cool:
    As I am the only person using this computer I must be hardcore rock n roll! :)
    Anyhow, I'm going to test Immunet 2.0 when it's pre-released within a few hours. Going to do all sort of weird stuff to it. I'm going to crash it totally until it's stable. Gonna be epic.
     
  22. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
  23. icr

    icr Registered Member

    Joined:
    Sep 6, 2008
    Posts:
    1,588
    Location:
    Mumbai
    I encrypt them and that is it.
     
  24. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    BTW have you received the Link of Immunet 2.0?
     
  25. AvinashR

    AvinashR Registered Member

    Joined:
    Dec 26, 2009
    Posts:
    2,060
    Location:
    New Delhi Metallo β-Lactamase 1
    Encrypt? Which encryption software you use?
     
Loading...
Thread Status:
Not open for further replies.