17

I wish to analyze the changes made by a specific virus. For example, Win32.Sality.
Where can I get the sample of this, or other similar, malware for testing?

AviD
  • 72,138
  • 22
  • 136
  • 218
Rajan
  • 171
  • 1
  • 1
  • 3
  • 2
    And do AV editors in general have some official feed for malware? – curiousguy Aug 19 '12 at 18:22
  • 8
    +1, always wondered this: where is malware when you need it?! – Luc Aug 19 '12 at 19:00
  • I'm sure you can find some scene websites with virus samples, I can't remember the title exactly but there was one talk at Chaos Comm. Conference who was talking about that. Alternatively I can just give you my old hard drive ;) – rath Jun 16 '13 at 12:17
  • @val you seem to be under the impression theres a complete collection of all viruses ever somewhere? AV vendors might have something like that but the storage requirements would be intense. Regardless your wont be getting a copy from anyone. Also. Ecair test file? – NULLZ Jun 16 '13 at 22:43
  • Can you say me which tools you are using for the analyze? – Hidden Jun 17 '13 at 14:33

7 Answers7

9

Contagiodump blog and the spam folder are your best friends

dgarcia
  • 476
  • 3
  • 6
8

http://www.offensivecomputing.net has about 4,456,929 samples.

UPDATE

Offensive Computing is now offline

schroeder
  • 123,438
  • 55
  • 284
  • 319
vane
  • 191
  • 1
  • 2
6

http://www.malware.lu/ Has 2,236,674 samples

h00j
  • 756
  • 1
  • 7
  • 18
3

You can always run your own honeypot.

schroeder
  • 123,438
  • 55
  • 284
  • 319
3

virusshare.com is another great repository of malware samples, having a huge number of samples. A snapshot from the website's homepage:

enter image description here

Access is by invitation only, so you will need to drop a mail to the site admin.

Another good resource that I know of- www.deependresearch.org

pnp
  • 1,818
  • 2
  • 26
  • 42
3

Here Are Some List of sites where you can get malware for samples

Contagio

KernelMode.info

DamageLab.org

MalwareBlacklist

Malware.lu

Malware URLs.

Open Malware

virusshare

An Blog which has some url's

Malshare

Tekdefence

MalwareTIps - Virus exchange Forum

The above url's are An Summary from here

schroeder
  • 123,438
  • 55
  • 284
  • 319
BlueBerry - Vignesh4303
  • 5,107
  • 13
  • 34
  • 63
  • Tekdefence is the only simply browsed. Openmalvare responds with some list if I enter "windows" into the search windows. I would not find these sites without your help. This trick, with entering "windows" into MD5 window, however, does not succeed with Malshare. It seems really demanding exact MD5 keys, which I do not have without having samples first. – Val Jun 16 '13 at 13:10
0

Github now contains massive repos of malware. The one I linked is but an example.

schroeder
  • 123,438
  • 55
  • 284
  • 319