Comments on: Spyware-Infecto! Where to get good spyware these days?

Question: Spyware-Infecto! Where to get good spyware these days?

disclaimer — Tue, 24 Oct 2006 20:33:47 -0800

Help me find some spyware. I am interviewing someone for a position in "residential IT support" and I want to infect a PC for them to fix. Where to get the warez?

Not just cookies, either. I want some L2M infections, some good old nasty Trojan horses and maybe even a couple of viruses.
I want a machine so dogged down with junk it can't even open a window - unless it opens ten at a time. I want this tech to be as challenged to remove the infections as possible. Does anyone here know of any sites that pass this junk? I am extremely particular about the sites I visit, so I'm drawing a blank.
Thanks in advance!

By: Phire

Phire — Tue, 24 Oct 2006 20:37:33 -0800

Download Kazaa and download a couple of movies/songs? [/tongue-in-cheek]

My experience with Kazaa was horrifying, but maybe that'd be a good place to start.

By: junesix

junesix — Tue, 24 Oct 2006 20:39:17 -0800

Search for porn and warez, go to the websites, and click Accept/OK to everything that pops up.

By: pompomtom

pompomtom — Tue, 24 Oct 2006 20:55:43 -0800

Get some FREE SMILEYS!

By: onalark

onalark — Tue, 24 Oct 2006 21:08:14 -0800

Hide a couple evil little toys for him in these spots.

Do something evil, like write a little piece of batch code that modifies the registry so that the homepage of the browser is reset to (insert evil website here). Have this piece of code executed on every reboot.

Impossible to find unless you know the registry, which this guy should if he's reasonably competent.

By: Liosliath

Liosliath — Tue, 24 Oct 2006 21:21:00 -0800

Too bad Bonzi Buddy is no more. That was a surefire way to bring your PC to a molasses-like state of pop-ups galore.

By: zek

zek — Tue, 24 Oct 2006 21:32:55 -0800

Easy as pie. Check the spam in your email inbox. Any attachment accompanied by a nonsensical one-liner will be a worm or trojan.

By: Cog

Cog — Tue, 24 Oct 2006 21:41:07 -0800

While you're at the warez sites, download a few cracks for popular software titles. It doesn't matter if you have the software or not, just run the crack and let them install whatever they want.

By: Steven C. Den Beste

Steven C. Den Beste — Tue, 24 Oct 2006 21:58:47 -0800

This is just the excuse you need to visit free online porn sites.

By: bh

bh — Tue, 24 Oct 2006 22:26:02 -0800

Residential IT Support? Reinstall everything.

By: sophist

sophist — Tue, 24 Oct 2006 22:34:18 -0800

Make sure you use Internet Explorer. Movies alone cannot infect your computer, but active-x embedded stuff can. If you can setup a new XP install, don't update anything, make sure firewall is off. Installing Kazaa is a good start Check out the page linked to in this google search for the Munga Bunga Brute Forcer which should also install CoolWWWSearch, one of the most prevalant malware things that results in the about::blank error. Instead of downloading porn movies (this will not break your computer) try searching for something like "free xxx passwords" and look for programs. The last big round of infection i saw was malicious programs masquerading as codecs, but i tried to find some and they had all been taken down already.

Go register an email address at hotmail, then start using it all the time. Turn all spam filtering off, register at all kinds of free sites, install a bunch of "free search toolbars", "web accelerators", etc etc etc. keywords like p2p, free music, free music, cracking, porn should get you started, don't forget to give out that email adress and open those attachments!

By: sophist

sophist — Tue, 24 Oct 2006 22:38:52 -0800

Here is a good list of infected p2p applications. Once you get in it might be a good idea to look up exe files and start downloading and running some of those too.

By: bkudria

bkudria — Tue, 24 Oct 2006 22:42:03 -0800

I've also heard that just visiting http://astalavista.box.sk in IE is a good way to permanently cripple a Windows install. You can use the search engine to find cracks/keygens to run also. Try pirating Adobe Photoshop or Macromedia Flash.

By: chrisamiller

chrisamiller — Tue, 24 Oct 2006 22:52:29 -0800

By linking these nasty sites, we're giving them all kinds of page rank and raising them higher on google. Perhaps we could obfuscate the urls a little bit? Use something like: "http://address 'dot com'"

By: tomble

tomble — Wed, 25 Oct 2006 03:19:17 -0800

Oh, have I got a site for you.

Go here and run any of these programs.

Popups everywhere.

I had to run a virus scanner, two anti spyware programs and a special program specifically designed to rid me of this problem.

By: Chunder

Chunder — Wed, 25 Oct 2006 03:36:01 -0800

Do what the BBC did recently, and build a honeypot PC (they used a virtual PC session) - part 1 and part 2.

You shouldn't have to exert any effort in setting up the compromised machine - although it may end up being a bit too much to fix, and will require rebooting, reformatting and reinstallation (the three main tenets of an IT support role, from an outsiders POV!)

By: dgeiser13

dgeiser13 — Wed, 25 Oct 2006 05:06:44 -0800

Once you get a particular nasty box set up you should image it so you never have to go through the process again.

By: prentiz

prentiz — Wed, 25 Oct 2006 06:05:01 -0800

When I locked my proper PC up, I had to connect my old PC (Windows 98, old Explorer etc) to my broadband - it was unusably slow because of malware in less than an hour...

By: theora55

theora55 — Wed, 25 Oct 2006 14:06:47 -0800

Webshots, kazaa(not kazaa lite) most free games. Oohh, look, spyaware, I'll bet that's really useful... and more from the same site. Googling how to get spyware found this useful discussion. Sounds like fun.

By: loquacious

loquacious — Fri, 26 Jan 2007 04:37:17 -0800

I hope you're not doing this experiment on a home computer with personal information, passwords or financial information on it, or on an active network with users who may be using it for banking or other sensitive data. Remember, an infected computer can sometimes infect other computers on a network, or eavesdrop on their network communications.

If not:

Install any unpatched Windows and IE and just hook it up raw to a cable modem. No firewalls.

You'll only have to wait about 30 seconds. The days of it being "safe" to connect to the 'net without at least a firewall are pretty much long gone.

Or start searching for "free software" or "free porn" while browsing with IE.

By the way, speaking as an IT-support type person your test is pretty much useless as a measurement unless both you and the IT guy are experienced in the inner workings of Windows and the registry system to be able to judge his skills against the skills of the spyware writers.

Speaking as an IT guy, my solution would be to trust in the skills of a few trusted others and run a good anti-virus/malware package like NOD32 or Panda, run a registry cleaner, inspect it for other known threats, cross my fingers and reboot. Because, frankly, most IT folks don't have time to actually edit the entire registry or system files and move file packages and such around by hand.

And then schedule a full reinstall and patch session (from disk image, streamline, or (ugh) original discs and then I would lock that machine down tighter than pickled eel anus so it couldn't get infected again and people couldn't help it get infected again through malice and/or ignorance.

So, IT isn't really Cowboys and Indians stuff. Dealing with malware in working IT environments (including residential) is mostly boring procedures and orders of operations, just like dealing with infectious diseases is mostly procedure.

So, to premptively answer your interview question - you can only make your infected computer so infected that it takes the amount of work that a scan, backup and reinstall takes.

In a good shop that can be as quick as 3-5 minutes or less to do a backup disk and image install, depending on how much user data there is to back up. (Plus paperwork, login information, domain adds and other misc, which is why it actually takes an hour, but the disk write and "fix" takes mere minutes.)

In a bad shop, doing a fresh install from original discs can take days, depending on how much software there is to be installed.