Exotic Malware?
shakuni
June 2nd, 2008, 07:06
For my malware research I need samples of the following two kinds of malware (description from Peter Szor's book). Please give me the names or samples of any of them.
Quote:
Octopus
An octopus is a sophisticated kind of computer worm that exists as a set of programs on more than one computer on a network. For example, head and tail copies are installed on individual computers that communicate with each other to perform a function.
Quote:
Rabbits
A rabbit is a special computer worm that exists as a single copy of itself at any point in time as it "jumps around" on networked hosts. Other researchers use the term rabbit to describe crafty, malicious applications that usually run themselves recursively to fill memory with their own copies and to slow down processing time by consuming CPU time. Such malicious code uses too much memory and thus can cause serious side effects on a machine within other applications that are not prepared to work under low-memory conditions and that unexpectedly cease functioning.
Thanks.
esther
June 2nd, 2008, 12:07
Seriously, either you are dumb, retarded or...
Asking for malicious programs is lame

Silver
June 2nd, 2008, 12:36
Have I been living under a rock, or is that the first time everyone else has heard malware called "octopus" and "rabbit"?
Go email SARC or Grisoft or someone, I'm sure it won't be hard to get virus samples for legitimate research.
shakuni
June 2nd, 2008, 14:39
Quote:
Seriously, either you are dumb, retarded or...
Asking for malicious programs is lame
Just give me the names at least (that is, if you know of any). I need 'em just for the completeness of this research project of mine.
Quote:
Have I been living under a rock, or is that the first time everyone else has heard malware called "octopus" and "rabbit"?
Probably yes, because they are mentioned in the best book on AV research out there (The Art of Computer Virus Research and Defense by Peter Szor).
Quote:
Go email SARC or Grisoft or someone, I'm sure it won't be hard to get virus samples for legitimate research.
Done. I think you probably know that it is "not hard" to get virus samples or sources these days. What is hard is to get samples of these exotic viruses. Thus the post.
Anyways, thanks for replying.
disavowed
June 25th, 2008, 12:46
FYI, many terms in Szor's book (such as "octopus" and "rabbit" in the context above) are very outdated and no longer used in the AV industry. And for what it's worth, I've never seen any real-world malware that acts in those ways.
ktwo
August 10th, 2008, 05:53
I hadn't seen exactly that sort of behaviour either, but I have seen things similar to what's described at http://www.codeproject.com/KB/cpp/VirusProtect.aspx as Robin Hood and Friar Tuck. It's a real pain to debug, as they won't run in a VM, and they never let a real debugger see what's going on (multiple threads egress/ingress the mal payload on createdebugobject req). The best way I found to analyze these things at run time was using more of a profiling application like procmon. Statically, I have a database archive of every md5 of every file I have, and also of every 512 bytes and every PAGE_SIZE, which helps when analyzing physical-memory captures or pagefile/disk images.
Advanced functionality is becoming more common these days. Multiple command & control techniques/packers/anti-eng, sometimes completely new, others variations on a theme. I've also noticed a rise in NAT traversal communication methods being used.
I don't know why asking for code is lame, but you can get a ton at http://vx.netlux.org; also, just browse the internet with English (don't use Chinese, as some sites won't infect you) XP0, and you're sure to have a few dozen malwares on your system in a matter of hours. I guess advanced mal/virii is a bit more of a gamble; netlux.org only has 1 entry for 2008, but you can bet that while attempting some industrial espionage or whatever, the red armies of the world will be using home/dsl/cable proxies for some of their assault. So just keep your system infected, and watch for something interesting. Oh yeah, change your local system's domain name to something interesting, maybe laptop-41432.uber.secret.research.and.development.com
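The chunk-hash archive ktwo describes (an md5 of every file, plus of every 512-byte sector and every page-sized block) is a simple way to find fragments of known files inside a physical-memory capture or a pagefile, where a whole file is rarely contiguous. The following is an added example of that idea, not ktwo's own tooling: it indexes constructed sample "files" at 512-byte and 4096-byte granularity (the page size is assumed to be 4 KiB), skips uniform padding chunks that would match everything, and then slides over a constructed "capture" at sector alignment to report which file chunks appear and where. md5 is used here purely as a lookup key, as in the post, not as a security control.

```python
import hashlib
import random
from collections import defaultdict

SECTOR = 512        # the 512-byte granularity mentioned in the post
PAGE_SIZE = 4096    # assumed x86 page size


def chunk_hashes(data: bytes, size: int):
    """Yield (offset, md5hex) for each full size-byte chunk of data."""
    for off in range(0, len(data) - size + 1, size):
        yield off, hashlib.md5(data[off:off + size]).hexdigest()


def build_index(files, sizes=(SECTOR, PAGE_SIZE)):
    """Map (size, md5hex) -> [(filename, file_offset), ...].

    Chunks consisting of a single repeated byte (zero or 0xFF padding)
    are not indexed: they occur in almost every image and carry no
    attribution value."""
    index = defaultdict(list)
    for name, data in files.items():
        for size in sizes:
            for off, digest in chunk_hashes(data, size):
                chunk = data[off:off + size]
                if chunk == bytes([chunk[0]]) * size:
                    continue
                index[(size, digest)].append((name, off))
    return index


def scan_capture(capture: bytes, index, sizes=(SECTOR, PAGE_SIZE), step=SECTOR):
    """Slide a window of each indexed size over the capture at sector
    alignment and return [(capture_offset, size, filename, file_offset)]."""
    hits = []
    for size in sizes:
        for off in range(0, len(capture) - size + 1, step):
            digest = hashlib.md5(capture[off:off + size]).hexdigest()
            for name, foff in index.get((size, digest), ()):
                hits.append((off, size, name, foff))
    return hits


def _rand_bytes(seed: int, n: int) -> bytes:
    """Deterministic filler so the constructed sample is reproducible."""
    r = random.Random(seed)
    return bytes(r.getrandbits(8) for _ in range(n))


# Constructed sample data (not real malware): two "files" and a "capture"
# that contains the second page of agent.dll, some unrelated bytes, and
# the second sector of config.bin, surrounded by zero padding.
SAMPLE_FILES = {
    "agent.dll": _rand_bytes(1, 2 * PAGE_SIZE),
    "config.bin": _rand_bytes(2, 4 * SECTOR),
}
SAMPLE_CAPTURE = (
    bytes(2 * SECTOR)
    + SAMPLE_FILES["agent.dll"][PAGE_SIZE:2 * PAGE_SIZE]
    + _rand_bytes(3, SECTOR)
    + SAMPLE_FILES["config.bin"][SECTOR:2 * SECTOR]
    + bytes(2 * SECTOR)
)


def demo():
    """Index the sample files and scan the sample capture."""
    return scan_capture(SAMPLE_CAPTURE, build_index(SAMPLE_FILES))


if __name__ == "__main__":
    for cap_off, size, name, file_off in demo():
        print(f"capture+0x{cap_off:06x}  {size:5d} bytes  {name} @ 0x{file_off:06x}")
```

A page-sized hit is strong evidence that a file was mapped into memory at that point; a lone sector hit is weaker and worth confirming with neighbouring sectors, which is why the sector-level results above come out as a run of consecutive offsets for agent.dll.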