

Ask HN: Viruses wanted for master's project - deutronium

I'm currently undertaking a master's project, involving virus detection using machine learning.

Currently I have three viruses which spread effectively in a virtual environment (KVM VMs and a VDE network, consisting of a number of virtual switches). I'm basically looking for a large number of working viruses to create some very solid results.

If you have any please could you upload them using:

<http://drop.io/hidden/oklxql2qoxkhhc/upload>

I'll also post my dissertation upon its completion if people are interested.

Thanks for your help!
======
yan
Are you looking specifically for viruses or other types of malware? Have you
checked out <http://offensivecomputing.net> ?

~~~
deutronium
Sorry, I should have been a little clearer about this, I'm looking for viruses
& worms. The current ones I have working are Sasser, Nanspy & Padobot. That
site looks very cool, I believe I've seen it before but forgotten about it.

------
profquail
You could also send some emails out to the makers of some anti-virus and
malware software (McAfee, Kaspersky, LavaSoft, etc.); I'm sure they have plenty
of samples they could offer you.

Also, check out this list of big computer worms on Wikipedia, perhaps you
could search around and find copies of them:
<http://en.wikipedia.org/wiki/Timeline_of_notable_computer_viruses_and_worms>

------
dryicerx
A suggested alternative is to use span pcap dumps of network environments that
have viruses spreading through them (I used a few of them for an earlier
project for worm detection), although I can't seem to find those websites at
the moment. But something to keep in mind. Try searching for Defcon packet
dumps.

An added benefit would be replaying the same test environment repeatedly while
tweaking your detector's parameters.

~~~
deutronium
Cheers, I'll check them out, I used to record PCAPs when I was using KVM's
multicast network emulation, as it was easy to pick up all network traffic,
it's become more difficult using VDE, as I don't believe there's a way to record
all traffic through a single tap interface.

------
eshi
I'm not sure how useful this will be for you, but <http://vx.netlux.org/> has
a decent collection that's somewhat dated.

~~~
deutronium
That's actually where I got the current three from, went for the rather large
bittorrent option. I've tried testing a lot of the worms from that collection,
a lot of them don't seem to replicate under WinXP (with no service packs), I
think, as you say, due to their age.

~~~
eshi
I did some searching and came across a section on malwarebytes.org:
<http://www.malwarebytes.org/forums/index.php?showtopic=23225>

Sorry, I couldn't be much help. Good Luck.

~~~
deutronium
Thanks, that looks another useful site.

