Playing Around Malwares
When you are running an antivirus many people do not like the fact that the AV removes the malwares directly, without asking for permission. Especially if a person looking to analyze or reverse viruses there is no chance to find what you are looking for without testing and understanding what this malware is able to do.
On a previous two parts post I have listed some tools for reversing malware freely as a reminder the list includes:
1- Virustotal www.virustotal.com
2- Sndboxie http://sandboxie.com/
3- Process Monitor from sysinternal http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx
4- API Monitor http://www.apimonitor.com/
5- iDEFENSE LABS tools http://labs.idefense.com/
6- CWSandbox http://labs.idefense.com/
7- ThreatExpert http://threatexpert.com/
8- Anubis http://anubis.iseclab.org/
9- Wepawet http://wepawet.iseclab.org/
10- Mandiant http://www.mandiant.com/
Further I had a comment asking about information on how to build a malware as part of a university exam, online information on computer viruses are too much, there is different ways to create malicious code. Now what I wanted to add is http://vx.netlux.org/.
VX Heavens (The best website about computerviruses) is what I call a zoo of viruses as it contains all type of malwares, it is a perfect site that is dedicated to providing information about computer viruses (or virii, as some would prefer) to anyone who is interested in this topic.
This site contains a massive, continuously updated collection of magazines, virus samples, virus sources, polymorphic engines, virus generators, virus writing tutorials, articles, books, news archives etc. Even the viruses for the platforms you’ve never heard of. Site also offers free hosting for virus authors and groups.
Here you will find a real platform with different viruses. So to not harm your system try to have a dedicated testing machine with different tools, this will allow you to understand the virus functions much better and make you perform your study and experimentation.
make sure you subscribe to my RSS feed!