Web Malware Collection – Massive Change

Insecurety Research has mantained a repository of web malware over at Google Code for a considerable amount of time, pharm so independant researchers could get samples for analysis.

We always offered it as a SVN repo, where anyone could anonymously check out the whole collection, troche or selected samples, at will.

Those days, sadly, have come to an end.

Due to a researcher from nerv.fi creating an issue about it – see here – we ended up deciding to come to a compromise, sale lest we get suspended or something.

We now offer the entire repository as an archive downloadable here instead of a SVN repository, and every time we get 50 new samples in the bag, we will update the tar file.

Simply wget http://web-malware-collection.googlecode.com/files/web-malware-collection-13-06-2012.tar.gz to get the current one. We will post every time we release a new one.

This project has been one of our proudest achievements, and we are very sorry to see it crippled in this way, however as we all know, we must adapt in order to survive. While Henri has a legitimate complaint, we believe that these samples STILL belong to the public.

Human knowledge belongs to the world, after all, and information ALWAYS wants to be free.

3 thoughts on “Web Malware Collection – Massive Change

  1. Very good to hear you’re adapting as I have your site bookmarked, but it’s sad to hear how you have to deal with imbecile people like that, that doesn’t realize all of these web shells are publicly accessible via tons of other websites.

    They have existed for several years (+5), and they will continue to exist, and be accessible with something as simple as one Google query. (That’s how I found most of them, plus searching various hacking forums.)

    Keeping them private, while only sharing (i.e. sending) them to anti-virus companies will do no good, as they are already aware of the majority of web malware. The people on the good side will only have less resources to work with, as they will have to use more time finding these malware samples.

    Of course, there is always a chance that research related to hacking will be abused by both blackhats and script kiddies, even governments (I doubt the last item as they will probably develop their own *cough* stuxnet and flame *cough*), but that is the price to raise awareness about web malware and everything else related to hacking.

    I hope you are reading this nerv.fi guys, as I will always support this project and intern0t, will always exist and be a place for open technical research, whether it is about protocol weaknesses, web malware, or 0days, it will continue to be accessible. In case you do succeed to even make problems with insecurity.net’s hosting provider we will make sure EFF gets to hear about it, while offering support via InterN0T’s or our affiliates’ services.

    Human knowledge belongs to the world, after all, and information ALWAYS wants to be free.

    Couldn’t agree more, it’s my motto as well :-) Hail Nikolas Tesla! (Side topic)

    Best regards,


  2. Pingback: SHODAN related infosec assortment « Ellie Asks Why

  3. First of all I am not imbecile.

    I have no problem with the project whatsoever. This was not about freedom of speech (I do host http://www.lapsiporno.info and try to raise awareness in Internet censorship), but about HOW the samples were shared in public. I was mainly afraid of RFI attacks used via files hosted in that project, which I pointed out also in the Google Code project issue #1. I am not saying this project should be ended nor contacting hosting providers or anything like that. Don’t misunderstand me. I can even give you more samples, which are not in the collection currently if you contact me via email and discuss details how to send them.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>