OK, let’s prepare the test platform. As I explained in the part 1, I use Oracle VM VirtualBox (recently updated to version 3.2.10) as a host sandbox. This sandbox I can use as a virtual computer to install basically any operating system. For the drive-by antivirus test I choose Windows Vista Home Premium SP2 32-bit. The idea is to make my system vulnerable, so it could be poisoned. Therefore, I intentially do not install any updates. Additionally, I install Adobe Reader 8.1.1 and Java Runtime 220.127.116.11 — both have known security holes. At that point the test OS is finished and I create a copy of it, because once it is infected (I’m sure it will be), I will need a clean one.
I’m going to perform a test of Antivirus programs in the drive-by mode. That means I will consider I think the most frequent way of getting malware for a home user — via casual browsing in the internet. In my lab I will use a freshly installed system (not decided yet which one, most probably Windows XP or Windows 7 Windows Vista) without updates and some buggy software from Adobe (Acrobat Reader, Flash) and Java without latest patches of course. I will use Internet Explorer 7 (standard for Windows Vista) also popular browsers, but not too new again — FireFox 3x, etc. Where do I get old versions of software? Old Applications for Windows is a good site. To stay safe in any case, I will use VM VirtualBox v.3.2.8 from Oracle. VirtualBox is a general-purpose full virtualizer for x86 hardware. Targeted at server, desktop and embedded use, it is now the only professional-quality virtualization solution that is also Open Source Software, i.e. also free to use.
Where am I going to get infected web-sites? Good question. I will use Malware Domain List (www.malwaredomainlist.com) for that purpose. [WARNING: All domains on this website should be considered dangerous. If you do not know what you are doing here, it is recommended you leave right away. This website is a resource for security professionals and enthusiasts.] No one wants to pay 1500$ (!) for the Eleonore Exploits pack. But I see now that the current listing is full of zeus v2 trojan variants!