Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

Anyone have a list of infected sites?

Created: 11 Dec 2009 • Updated: 21 May 2010 | 8 comments
This issue has been solved. See solution.

Does anyone have a list of sites infected with rogue viruses or spyware like Windows Antivirus Pro?  Or better yet a site or sites that maintains a list of such sites?  I want to use them to test the effectiveness of various SEP settings.

Comments 8 CommentsJump to latest comment

Vikram Kumar-SAV to SEP's picture

 eicar.org
http://www.viruslist.com/

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

drew at NF's picture

All those sites are great, but let me clarify for what I am looking.  Most of the viruses/malware that I have seen in the last 6 months has come from a user going to a site and a pop-up comes up and says that their computer is infected, click here to download antivirus software.  Of course, this is spyware/malware in itself.  What I am looking for is a list of sites that have this infection so that when I go to one of those sites, that malware will pop-up.

I looked around on:
http://www.viruslist.com
http://eicar.org
http://www.virustotal.com
and could not find such a list.

Does anyone have such a list or have a full URL to such a list?

Vikram Kumar-SAV to SEP's picture

http://safeweb.norton.com/dirtysites

Check the sites on the list above you might find some new ones as well :-)

I got what you mean but as admin we get to see only a infected computer the user never accepts which site he has gone to..

http://www.offensivecomputing.net  this is a site which has good collection of malware samples

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

SOLUTION
Thomas K's picture

What you are looking for would be a list numbering in the 10's of thousands of URL's, or more. Even if you had the list, it is a moving target. New infected domains are always showing up, to to maintain the list would be impossible for one administrator.

I use Safeweb and Exploit Scan to check URLs that I suspect are dangerous.

Best,
Thomas

Grant_Hall's picture

 Totally agree with Thomas, but since you are asking I found one that might be of some help: http://www.spywarewarrior.com/rogue_anti-spyware.htm . Since you said you are planning on using this list to test against SEP please do it on a computer that is not connected to your network, and please re-image it prior to re-connecting it. 

Grant-

Please don't forget to mark your thread solved with whatever answer helped you : )

AravindKM's picture

As Thomas told I don't think you can stop all the urls.You have to think of some other way to stop this
Below docs can help you in this
Using Application and Device Control to stop registry entries added by a threat or risk
Common loading points for viruses, worms, and Trojan horse programs on Windows 2000/XP/2003

For preventing computers from the threat educating the user is also an important thing...

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

snekul's picture

When I give training on how to avoid these types of scams, I usually use a URL from http://www.malwaredomains.com/ to show people, though I always check the link out beforehand, just in case its got porn or something a little too scary on it.

WARNING:
Be careful what you wish for and what you do with those URLs.  Some of them might contain even more then just malware that could get you into trouble.

Eric C. Lukens IT Security Policy and Risk Assessment Analyst University of Northern Iowa