Topic created on: April 18, 2008 12:44 CDT by RemotePush
Hi,
I have recently got back into RE and am looking for some targets to reverse engineer. I have been working my way through some of the crackmes on crackmes.de but would like to venture into analysing malware. So my questions are: does anyone know of any fairly simple malware examples I could look at, and secondly, how can one get hold of new malware samples (short of trawling the net or setting up honeypots)?
Also, if anyone has any other ideas of targets to analyse apart from crackmes and malware it would be great to hear them.
Thanks,
RemotePush
* install your own honeypot of any kind (based on VMware, for example), plug it into the Internet (or, well, maybe, an intranet) and collect everything.
* create a new mail account on a site that doesn't have any AV (install a mail server on your box), publish the address everywhere and collect mail-worms.
there are thousands of ways to get a lot of malware, but, unfortunately, you have to collect hundreds of malware samples to find one worth analyzing. nobody writes tricky malware today. well, almost nobody.
btw, eDonkey has a lot of malware. just pretend you're looking for fresh warez. as you can see, some files have different names (see the Info tab), which means you're dealing with a fake, and some fakes are natural malware (rootkits or Trojan horses).
in essence, malware is: a simple program installing a back-door or acting itself as a rootkit, packed with an exe-packer. so, do you really need malware to analyze it? analyze every packer/protector you can get, analyze every rootkit-based program (StarForce protection, Norton Utilities, Mark Russinovich's tools): they hook system calls and some of them try to hide.
key-loggers use a lot of malware tricks and (which is more important) they're legal. you can find a comparison list here: http://keylogger.org/. it's very interesting to analyze stealth spies, so good luck and happy researching!
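An added example, not code posted by anyone in this thread: once a honeypot or bait mailbox starts delivering files, the pile needs triage before anything is worth opening in a debugger. The Python script below deduplicates collected samples by SHA-256, checks whether each one is a PE, and flags likely exe-packing from two heuristics: section names left behind by common packers and per-section Shannon entropy above a threshold. The packer section-name list, the 7.0 bits/byte threshold and the constructed sample blobs are assumptions chosen for the example; the PE "samples" are header-plus-section-table shells built inline, not real binaries.

```python
"""Triage collected samples: dedupe by hash, spot PE files, flag likely packing.

Added example for this thread, not posted code. The packer name list, the
entropy threshold and the constructed sample blobs are illustrative assumptions.
"""
import hashlib
import math
import struct
from collections import Counter

# Section names left behind by some common exe-packers (assumed, illustrative list).
KNOWN_PACKER_SECTIONS = {
    b"UPX0", b"UPX1", b"UPX2", b".aspack", b".adata", b".petite",
    b".nsp0", b".nsp1", b".MPRESS1", b".MPRESS2", b"pebundle",
}
# Bits per byte: compressed or encrypted data sits near 8.0, plain x86 code nearer 6.
ENTROPY_PACKED_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_pe_sections(blob: bytes):
    """Return [(name, raw_bytes), ...] from the section table, or None if not a PE."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)
    if e_lfanew + 24 > len(blob) or blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # COFF header follows the signature: NumberOfSections at +6, SizeOfOptionalHeader at +20.
    (num_sections,) = struct.unpack_from("<H", blob, e_lfanew + 6)
    (size_opt,) = struct.unpack_from("<H", blob, e_lfanew + 20)
    table = e_lfanew + 24 + size_opt
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        if off + 40 > len(blob):
            break  # truncated section table: keep what we have
        name, _vsize, _vaddr, raw_size, raw_ptr, *_ = struct.unpack_from("<8sIIIIIIHHI", blob, off)
        sections.append((name.rstrip(b"\0"), blob[raw_ptr:raw_ptr + raw_size]))
    return sections


def triage_sample(blob: bytes) -> dict:
    """One report per sample: hash, whether it is a PE, and why it looks packed."""
    report = {"sha256": hashlib.sha256(blob).hexdigest(), "is_pe": False,
              "packed": False, "reasons": []}
    sections = parse_pe_sections(blob)
    if sections is None:
        return report
    report["is_pe"] = True
    for name, raw in sections:
        if name in KNOWN_PACKER_SECTIONS:
            report["reasons"].append(f"section {name!r} is a known packer name")
        ent = shannon_entropy(raw)
        if raw and ent >= ENTROPY_PACKED_THRESHOLD:
            report["reasons"].append(f"section {name!r} entropy {ent:.2f}")
    report["packed"] = bool(report["reasons"])
    return report


def triage_collection(blobs):
    """Dedupe by SHA-256 first (a honeypot re-collects the same worm endlessly), then triage."""
    unique = {}
    for blob in blobs:
        unique.setdefault(hashlib.sha256(blob).hexdigest(), blob)
    return [triage_sample(b) for b in unique.values()]


def build_minimal_pe(sections):
    """Constructed fixture: a PE-shaped blob (DOS stub, COFF header, section table, raw data). Not loadable."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)  # no optional header
    ptr = e_lfanew + 24 + 40 * len(sections)
    table, body = b"", b""
    for name, data in sections:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data), 0x1000,
                             len(data), ptr, 0, 0, 0, 0, 0x60000020)
        body += data
        ptr += len(data)
    return dos + b"PE\0\0" + coff + table + body


# Constructed samples standing in for what a honeypot or bait mailbox would deliver.
_pseudo_random = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))  # ~7.9 bits/byte
_plain_code = (b"\x55\x8b\xec" + b"\x90" * 600 + b"\xc9\xc3").ljust(1024, b"\x00")
SAMPLES = {
    "upx_packed": build_minimal_pe([(b"UPX0", b""), (b"UPX1", _pseudo_random), (b".rsrc", b"\x00" * 64)]),
    "unpacked": build_minimal_pe([(b".text", _plain_code), (b".data", b"\x00" * 512)]),
    "mail_body": b"Subject: your photo\r\n\r\nsee attached\r\n",
}

if __name__ == "__main__":
    for rep in triage_collection(list(SAMPLES.values()) + [SAMPLES["upx_packed"]]):
        print(rep["sha256"][:16], "PE" if rep["is_pe"] else "--",
              "PACKED" if rep["packed"] else "plain", rep["reasons"])
```

Both heuristics are cheap and both have false positives (a legitimate installer carries a compressed payload section too), so treat a "PACKED" verdict as "unpack before you bother", not as a malware verdict; the entropy check catches packers that rename their sections, and the name check catches small stubs whose compressed data is too short for entropy to say much.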