While working in IT support, I would routinely have to remove malware from users’ PCs. Now that I work exclusively with malware, I spend a lot of time trying to intentionally infect my VMs so that I can get malware samples to study or so that I can follow the latest malware campaigns. To do this, I use older, unpatched operating systems with old versions of vulnerable software. Surprisingly, I have an unbelievably hard time finding ways to infect my VMs.
Of course, there’s a lot going on that could account for this. Not least is the fact that a lot of malware nowadays is VM-aware and will refuse to load if it detects that it’s being run in a virtual environment.
One way to get around this conundrum is to visit some of the many great websites that store and make available malware samples. Here is a list of some of them. As far as I know, these are all free sites (although, some may require that you sign up for a free account). Let me know if you have any favorites that I’ve missed.
REMEMBER: THESE SITES CONTAIN ACTUAL MALWARE (OR LINKS TO ACTUAL MALWARE). YOU WILL BECOME INFECTED. YOU ARE RESPONSIBLE FOR ANY DAMAGE THAT MAY RESULT FROM ACCESSING THESE SITES.
Malware Domain List
Clean MX Realtime Database
Contagio Malware Dump (in transition)