In my previous post, I listed a number of websites that offer either malware collections or links to infected sites. But what if you want to find your own infected sites (and malware)?
Make no mistake, finding malware on your own is generally slow and tedious. One of the best ways that I’ve found to “stumble” upon an infected website is to do a web search for something like:
dark souls download
game of thrones season 6 download
The initial pages of search results are what one would expect – torrent sites and game/movie review sites. However, once you get about 8 – 10 or more pages deep, you’ll start to see things like this:
That doesn’t look right. According to their website, Bullhorn Reach is a recruiting company:
It looks like we’ve found a compromised website.
If they’re hosting a single download like this, they’re most likely hosting others. Let’s see what we can find with a little Google dorking. Try searching with:
Here’s what I got when I did that:
Over 2,200 download links! Either the site is compromised or someone on the “inside” is using the company server as his/her own personal file server.
Most of these types of links seem to lead to web pages with standard, run-of-the-mill malware (e.g., fake Adobe updaters, download managers, pop-ups with fake tech support scams, etc.). Some actually do lead to the searched-for item.
At this point, one can either try to figure out how the site was compromised or perhaps try to snag some malware and reverse engineer it. The choice is yours.