Malware Domain List

Site Related => Site / Forum Discussion => Topic started by: menacez on April 11, 2009, 10:29:57 am

Title: Malware
Post by: menacez on April 11, 2009, 10:29:57 am
Hi All,

I'm trying to clone a malware-infested site locally on a webserver in a VM to actually see what it's doing from the server side. The site has lots of exe's, javascript, aspx pages and I've tried httrack, wget etc. but this doesn't retrieve all links.

How do you experts out there clone a malware website to learn about how things work and "play" within an isolated environment (VMware) but also see Windows being infected with malware?

Appreciate any comments & apologies if I've broken any rules.

Cheers,
Menacez
Title: Re: Malware
Post by: MysteryFCM on April 11, 2009, 03:06:24 pm
In short, unless you've got direct access to the source files, your method isn't going to work, as you still need the PHP or whatever code they're using to dynamically etc. create/spit out the files.

The most you can do is get the client-side created files, which are usually not going to help for the purposes you describe.
Title: Re: Malware
Post by: menacez on April 12, 2009, 08:44:51 am
In short, unless you've got direct access to the source files, your method isn't going to work, as you still need the PHP or whatever code they're using to dynamically etc. create/spit out the files.

The most you can do is get the client-side created files, which are usually not going to help for the purposes you describe.

Ok thanks MysteryFCM. I'm sure everyone knows but tcpdump/Wireshark is also your friend ;)

Menacez
Title: Re: Malware
Post by: MysteryFCM on April 12, 2009, 07:37:52 pm
That still only helps for client-side code - not server side ;)