
MBR Malware

New Member

Hello everyone,
I am a senior at Champlain College in Computer & Digital Forensics and I am doing my senior thesis project on MBR Malware Analysis. My plan is to outline how they get on a system, how they plant themselves on a system, what happens to a system afterwards, and how forensic examiners can detect them. I was wondering if anyone knows where I can get samples of the malware for my testing? I am looking into the five most common families in 2011 - Cidox, Fispboot, Alworo, Tidserv, and Smitnyl. I've tried contacting a few people, and I understand that it's something tricky to get your hands on. Any information would be helpful! Thanks!

Topic starter Posted : 25/01/2012 6:03 am
New Member

So I did a search and came across this article with an infographic from Symantec. I was interested so I was reading some of it and came across this tidbit: "Many boot malware including Mebroot and Fispboot are based on BootRoot code."

BootRoot was presented at BlackHat as a research project by eEye, which made me think the source must be easy to come by. Well, I found it here: http//
Notice that the .zip file they provide is password protected: eeye. Not a sample from an item on your list, but it's something to get you started and is a basis for at least one on your list.

Posted : 25/01/2012 6:35 am
Junior Member

Lenny Zeltser put together a decent list of websites in his post "Malware Samples for Researchers". You might be able to find the samples you are looking for using those websites. Personally, I had good luck with Offensive Computing.

Here is the post: http//

Posted : 25/01/2012 6:49 am