Worm for Testing Purposes?

  • Thread starter Thread starter dubya
  • Start date Start date
D

dubya

Hello\,

Does anyone know of a non-destructive, safe worm - one that doesn't do
anything but propagate and is easy to remove - that I can use for testing in
small networks?

Thanks!

Mike
 
No. Why not create one yourself instead of asking here. Nobody in their right mind
will do this for you

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.
http://www.microsoft.com/protect
 
I didn't ask anyone to do anything, let alone create something.

You know, pal, most people in their right minds can read and actually do
read posts before replying.
 
dubya said:
Hello\,

Does anyone know of a non-destructive, safe worm - one that doesn't do
anything but propagate and is easy to remove - that I can use for
testing in small networks?
Click to expand...

There's no such thing, but there are things that come close.

You probably need to find another way of accomplishing what you want,
but 'what you want' isn't exactly clear in your post

Are you intending to study the worm, or are you trying to test a
network?
 
dubya,

The EICAR group came up with a harmless file detected by antivirus products
so you can safely verify the product's working. If you haven't seen Windows
Defender detect something, visit
<http://www.eicar.org/anti_virus_test_file.htm> , download the 68 byte file
eicar.com.txt, and copy it to your startup folder. Your AV solution (that
you should be running in addition to Windows Defender) will also pick it up."
-=-
 
In
??ç?l said:
dubya,

The EICAR group came up with a harmless file detected by
antivirus products so you can safely verify the product's
working. If you haven't seen Windows Defender detect
something, visit
<http://www.eicar.org/anti_virus_test_file.htm> , download
the 68 byte file eicar.com.txt, and copy it to your startup
folder. Your AV solution (that you should be running in
addition to Windows Defender) will also pick it up." -=-
Click to expand...

Good response: Eicar is completely safe and won't cause any harm. It's old
but it at least shows that the signature it uses gets caught by
security-ware.

HTH,

Twayne`
 
Twayne said:
In

Good response: Eicar is completely safe and won't cause any harm. It's
old but it at least shows that the signature it uses gets caught by
security-ware.
Click to expand...

It is not a worm, so how is that relevent to his query.

I am suspecting that the OP wants a *worm* (without a payload) to run
rampant on his network so that he can study worm behavior.

This is entirely unsafe - better would be to put restrictions on the
worm (such as requiring some registry value only found in the test
network's computers or requiring users' permission before replicating)
which violates the *other* request that the worm *only* propagte - and
do nothing else.

An impossibility.
 
....or just copy this

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

and paste it into notepad and save it as a batfile or comfile if your AV
doesn't alert on it when saved as a textfile.

....or see attached if it comes through.
 
FromTheRafters said:
There's no such thing, but there are things that come close.

You probably need to find another way of accomplishing what you want, but
'what you want' isn't exactly clear in your post

Are you intending to study the worm, or are you trying to test a network?
Click to expand...
Sorry for the lack of clarity. Test the network. A mix of virtual machines
and hosts with various firewalls or lack thereof. I just want to see what
it gets through and what it doesn't. Nothing will be connected to any
public networks, so no risk to public bandwidth.

Thanks,
Mike
 
?ç?l,

Thanks. Indeed, that is a neat little item. I've used it. But it doesn't
attempt to travel from one machine to another on a network, which is what I
want to check.

Mike
 
P.S.

You may be right that there is no such thing. I thought I might find one on
a security website, but quite a bit of searching before I posted here turned
up zilch. I guess people fear such a thing would be turned to a destructive
purposes - as some people here seemed to assume. And perhaps too that
someone using it to test their own setup would not know enough to pull the
cord to the internet.

Mike
 
dubya said:
Sorry for the lack of clarity. Test the network. A mix of virtual
machines and hosts with various firewalls or lack thereof. I just
want to see what it gets through and what it doesn't. Nothing will be
connected to any public networks, so no risk to public bandwidth.
Click to expand...

True worms are generally dependent upon software vulnerabilities. The
only test worms I know about are historical in nature, and were written
for historical exploits of historical vulnerabilities. Google Fred Cohen
and read some of his papers on viruses (many of what were called viruses
then were actually worms in retrospect now that worms are better
defined). Part of the reproductive function of his test virus asked the
user for permission to infect IIRC - something any self-respecting true
worm wouldn't dream of doing.

You could concieveably install the necessary vulnerabilities (retrograde
your patches for instance) to provide an environment that supports a
particular kind of worm (like CodeRed or Sapphire) - but what would be
the point then, as you wouldn't actually be testing the network.

....as for playing with worms, that might work, but it could be
dangerous.
 
There are basline security analyzers and vulnerability scanners out
there. It is those things that actually support true network worms, the
networking aspect is what networks are *supposed* to do. It is usually a
vulnerability that allows the parent to ensure its progeny is executed,
and this is what separates true worms from viruses.

By "no such thing", I was referring to your request:

"...a non-destructive, safe worm - one that doesn't do anything but
propagate..."

To be *safe* it must do *more* than just propagate - it must set serious
restrictions on itself. :o)
 
dubya said:
Hello\,

Does anyone know of a non-destructive, safe worm - one that doesn't do
anything but propagate and is easy to remove - that I can use for testing in
small networks?

Thanks!

Mike
Click to expand...

Be careful, if you let your worm hang out you'll get arrested.
 
Back
Top