Jump to content


Photo

Need spyware recommendations!


  • Please log in to reply
11 replies to this topic

#1 snissen

snissen

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 20 November 2004 - 11:49 PM

In a couple of weeks, I'm teaching a class where I work on spyware recognition and removal. Next week, I set up a VMware virtual machine I want to infect with several different spyware programs, so I can demonstrate different removal techniques and packages.

So, I want a recommendation of several spyware programs to infect the virtual machine with! I'm starting, I think, with KaZaa, Grokster, Morpheus, and maybe BearShare. I also need something persistent enough that it takes a Safe Mode boot, or even booting from a CD, to remove it (CoolWWWSearch?). Any other recommendations?

Finally, I need one or more Web sites where, using Internet Explorer without popup protection, I know I can get a "drive by" spyware infection. (I'm looking for benign stuff, not pornography.) I have no ideas on this; any recommendations?

I'm a Windows expert, but have been careful enough not to experience any spyware infections myself, so this is new territory for me. Any help will be appreciated. Sande

#2 jedi

jedi

    aequam memento rebus in arduis servare mentem

  • Retired Staff
  • PipPipPipPipPip
  • 15,830 posts

Posted 21 November 2004 - 01:31 PM

If you want 'drive-by-download' infections and don't (understandably) want to look at porn sites, try music lyric download sites, they are loaded with them. (If I remember right this is one of them, www.lyricsdownload.com, but Googling around should get you there)
If you want specific Adware, Zilla Connection Accelerator comes bundled, will load registry entries, files, the full set.

For Coolwebsearch try this domains list, http://users.skynet..../CWSdomains.htm
but although you can avoid the obvious porn ones, there's no guarantee you won't have to look at questionable sites.

Edited by jedi, 21 November 2004 - 01:37 PM.

jedi

My help is free, but if you wish to help keep these forums running please consider a donation, see This Topic for details.

#3 OSC

OSC

    SWI Junkie

  • Retired Staff
  • PipPipPipPip
  • 397 posts

Posted 21 November 2004 - 01:56 PM

Hmmm. I know there was a link that Budfred used in another thread for "spyware sites" but I can't find where it is. A good non-porn one is "hxxp://www.nodq.com" (link removed). Pushes out Gator, internet optimizer, bargains, etc. The rest of the ones I have are mostly porn related.

Hope that helps a little.

#4 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,574 posts

Posted 21 November 2004 - 03:43 PM

There is a thread in Boot Camp where there are many links and ideas about this... Since you are a Trainee, you can access that, but I do not want to post the link here since this is a public forum and most people can't access it...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#5 snissen

snissen

    Member

  • Full Member
  • Pip
  • 3 posts

Posted 21 November 2004 - 07:56 PM

Thanks to you all. This is very helpful.

#6 Captain

Captain

    Member

  • Full Member
  • Pip
  • 15 posts

Posted 22 November 2004 - 12:34 AM

DAP, Downloaad Acclerator Plus is a program packed with spyware, just a suggestion

#7 Tuxedo Jack

Tuxedo Jack

    Creator of TuxPE, a Cat5-o'-9-Tails, Etherkillers, and more

  • Expert
  • PipPipPipPipPip
  • 1,758 posts

Posted 23 November 2004 - 09:40 PM

Read the report that Eric Howes just put out - he shows where you can get some massive, massive infections.
Signature file is under revision. This will be back shortly.

#8 mpfeif101

mpfeif101

    Spyware Sucks

  • Retired Staff
  • PipPipPipPipPip
  • 519 posts

Posted 24 November 2004 - 07:03 PM

Tuxedo Jack - Link please :)
Spyware Aid - A guide and more to spyware

Proud member of ASAP since 2004

Please do not PM me asking for support. Post on the forums instead :)
Please post the final results, good or bad. We like to know!

HijackThis! | Recommended Software | Help Wanted
| Search the Forums|Forum Guidelines
Faster, safer, better, free -> Posted Image Now 1.0 Final!

If you'd like to donate to the fight against spyware...
Donate to SpywareInfo

#9 fredvries

fredvries

    SWI Junkie

  • Retired Staff
  • PipPipPipPip
  • 345 posts

Posted 25 November 2004 - 02:00 AM

Goto: www.crackz-serialz.com/list/l/2 and choose "lady sonia". :blink: <--link disabled so no one clicks it accidentally - copy it into your browser if you really want that infection. :) Note that we do not endorse cracks of any sort. cnm

Edited by cnm, 30 November 2004 - 06:37 PM.

www.pdd-nos.com

#10 LineOFire

LineOFire

    Malware Assassin

  • Retired Staff
  • PipPipPipPipPip
  • 1,267 posts

Posted 25 November 2004 - 09:21 PM

Tuxedo Jack - Link please :)


I was thinking the exact same thing. :)

#11 mpfeif101

mpfeif101

    Spyware Sucks

  • Retired Staff
  • PipPipPipPipPip
  • 519 posts

Posted 25 November 2004 - 11:29 PM

Found Tuxedo Jack and forced him to talk :p

http://spywarewarrio...-test-guide.htm
Spyware Aid - A guide and more to spyware

Proud member of ASAP since 2004

Please do not PM me asking for support. Post on the forums instead :)
Please post the final results, good or bad. We like to know!

HijackThis! | Recommended Software | Help Wanted
| Search the Forums|Forum Guidelines
Faster, safer, better, free -> Posted Image Now 1.0 Final!

If you'd like to donate to the fight against spyware...
Donate to SpywareInfo

#12 LostAccount

LostAccount

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 1,291 posts

Posted 26 November 2004 - 01:56 AM

There is this thread by the Internet Storm Centre on how a man goes to a site and is infected by malware.

This is a link:

Follow the bouncing malware part 1

Follow The Bouncing Malware Part II

Follow The Bouncing Malware Part 3
<span style='font-size:8pt;line-height:100%'><b>Useful Software</b>:</span>
<a href='https://www.kaspersky.com'target='_blank'><i>Kaspersky</i></a>, <a href='https://housecall.trendmicro.com/' target='_blank'>Housecall <i>Trendmicro</i></a>, <a href='https://www.emsisoft.com' target='_blank'><i>a2 free edition</i></a>, <a href='https://www.kerio.com' target='_blank'><i>Kerio Personal Firewall</i></a>, <a href='https://www.lavasoftusa.com' target='_blank'><i>Ad-aware SE</i></a>, <a href='https://security.kolla.de' target='_blank'><i>Spybot S&D</i></a>, <a href='https://www.merijn.org/files/hijackthis.zip' target='_blank'><i>HJT</i></a>, <a href='https://www.cwshredder.net' target='_blank'><i>CWShredder</i></a>, <a href='https://www.mvps.org/winhelp2002/hosts.htm' target='_blank'><i>MVPS HOSTS file by WinHelp2002</i></a>, <a href='https://netfiles.uiuc.edu/ehowes/www/resource.htm' target='_blank'><i>IE-SPYAD by eburger68</i></a>, <a href='https://www.javacoolsoftware.com/' target='_blank'><i>Spywareguard and Spywareblaster</i></a>, <a href='https://www.winpatrol.com' target='_blank'><i>Winpatrol</i></a>, <a href='https://www.mozilla.org' target='_blank'><i>Mozilla & Firefox</i></a>




Member of UNITE
Support SpywareInfo Forum - click the button