Full Disclosure mailing list archives
Re: Buying Web Malware Samples
From: Cal Leeming <cal () foxwhisper co uk>
Date: Wed, 9 Mar 2011 20:15:05 +0000
It sounds like you are looking for drive by kit samples. Why not just write your own crawler? Find an AV (which has drive by kit detection and passive scanning), check to see how many requests you can send to it per minute, then pipe in a shit load of random URLs based on crawled links from ads (ads links are the most common for having drive by kits), see which requests were blocked, and queue them for mirroring later. Some AVs will do drive by kit detection without needing to call a remote API, which would be quite nice. Obviously, the AVs aren't going to give you a nice API which you can call directly, so there would be some tinkering and possibly memory injection involved. This approach isn't exactly going to have a high hit rate, and you will still need to de-obfuscate / decompile and analyse any malware you find, but it'd be a giggle either way. There's probably a better way of doing it, but this would certainly be fun to make :D On Wed, Mar 9, 2011 at 7:56 PM, John Harwold <johnharwold () gmail com> wrote:
0. ) I need that malware for research stuff. 1. ) There is no way for me to prove that I'm speaking truth. 2. ) What's wrong with gmail address? 3. ) 500$ offer is still active. Sincerely, J.H. On Wed, Mar 9, 2011 at 8:23 PM, Cal Leeming <cal () foxwhisper co uk> wrote:Actually, just out of curiosity, why do you need to purchase malware samples? On Wed, Mar 9, 2011 at 7:19 PM, Cal Leeming <cal () foxwhisper co uk> wrote:1) You are requesting this from a gmail address. Not a good look. 2) You aren't representing yourself as a company entity, which indicates you might want this malware for malicious purposes. 3) Looks like you're trying to bullshit tbh. Just my two cents. On Wed, Mar 9, 2011 at 6:34 PM, John Harwold <johnharwold () gmail com>wrote:I need (JS/PDF/HTML/Exploit) malware samples, and I'm not a cheater. If I say that I'll pay 500$ for best submission, I'll pay 500$ for it. I won't pay before I see the stuff. I don't want to pay 500$ for big zip file with garbage in it. Best submission will be rewarded with 500$. That's it. If you have what I need, and you are not satisfied with this arrangement, find a way in which we'll both be satisfied... give me access to place where I can inspect them or something like that. Sincerely, J.H. On Wed, Mar 9, 2011 at 7:21 PM, McGhee, Eddie <Eddie.McGhee () ncr com>wrote:Yes lets all send out malware samples and *hope* you actually pay the best submission, tell you what send me the $500 and ill send you a pretty comprehensive tar full of samples. ------------------------------ *From:* full-disclosure-bounces () lists grok org uk [mailto: full-disclosure-bounces () lists grok org uk] *On Behalf Of *John Harwold *Sent:* 09 March 2011 16:35 *To:* full-disclosure () lists grok org uk *Subject:* [Full-disclosure] Buying Web Malware Samples Hi folks, I'm buying web malware samples... obfuscated malicious javascript, web exploit kits, pdf malware, browser/activex exploits, etc. I'm not interested in executable (PE/ELF) malware. Contact me on email with download URL, or send ZIP/TAR/RAR malware archive directly to my email (with changed archive extension to .MAL because of gmail filtering). After two weeks, contributions will be revisited and person with largest collection of real web malware will receive prize of 500$. Bye, J.H._______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Buying Web Malware Samples John Harwold (Mar 09)
- Re: Buying Web Malware Samples McGhee, Eddie (Mar 09)
- Re: Buying Web Malware Samples John Harwold (Mar 09)
- Re: Buying Web Malware Samples Cal Leeming (Mar 09)
- Re: Buying Web Malware Samples Cal Leeming (Mar 09)
- Re: Buying Web Malware Samples John Harwold (Mar 09)
- Re: Buying Web Malware Samples Cal Leeming (Mar 09)
- Re: Buying Web Malware Samples Cal Leeming (Mar 09)
- Re: Buying Web Malware Samples Valdis . Kletnieks (Mar 09)
- Re: Buying Web Malware Samples John Harwold (Mar 09)
- Re: Buying Web Malware Samples Eyeballing Weev (Mar 09)
- Re: Buying Web Malware Samples Nicolai (Mar 10)
- Re: Buying Web Malware Samples McGhee, Eddie (Mar 09)
- Re: Buying Web Malware Samples Gino (Mar 10)