blades777
Cadet
Joined: Mar 02, 2008 Posts: 4 Location: New_Zealand
Posted: Mon Mar 31, 2008 5:20 am Post subject: What software do you guys use to test links?
Sorry if this is a little off topic, but when you guys go to all these malware links in here and upload the malware to VirusTotal, what software do you use to prevent all this malware from infecting your PC?
YounGun
1st Responder Site Moderator
Joined: Dec 11, 2004 Posts: 4369
Posted: Mon Mar 31, 2008 7:43 am Post subject:
Hi Blades.
I can't speak for everyone, but when I go out to catch and try malware, I use a virtualized environment. What that means is that by using tools like Virtual PC or VMware, you can run a separate operating system within your current working system that is isolated.
For instance, I have 2 virtual machines, an XP SP1 and a Vista Ultimate SP1, on which I try new malware or test removal procedures.
_________________
IT Stuff
bobby_
MIRT Hunter
Joined: Nov 04, 2006 Posts: 237 Location: Austria
Posted: Mon Mar 31, 2008 8:05 pm Post subject:
@YounGun
More than 50% of today's malware will detect the VM and stop execution to prevent you from finding the actions it normally does.
@blades777
I do not run malware on my PC to see if it will download something, or to take notes about the connections it makes. You have a lot of online sandboxes to do this for you (Anubis, CWSandbox etc.).
I only get the page's source and analyze it to see what the exploit(s) download and run.
I use my own app for such tasks - Malzilla.
Malzilla is available from http://malzilla.sourceforge.net/
_________________
ASAP member
YounGun
1st Responder Site Moderator
 Joined: Dec 11, 2004 Posts: 4369
solcroft
MIRT Hunter
Joined: Apr 01, 2007 Posts: 188
Posted: Tue Apr 01, 2008 12:45 pm Post subject:
Malzilla is a great tool. Otherwise, Sandboxie + Proxomitron when I'm feeling lazy. I find that Avira helps a great deal when it comes to pinpointing exploit scripts, since it has absolutely paranoid detection for them.
blades777
Cadet
Joined: Mar 02, 2008 Posts: 4 Location: New_Zealand
Posted: Tue Apr 01, 2008 6:13 pm Post subject:
Does Proxomitron filter out malware when surfing sites with malware?
nosirrah
Security Expert Special Response Team
Joined: Apr 19, 2006 Posts: 6301 Location: USA
Posted: Wed Apr 02, 2008 3:40 am Post subject:
I like Process Guard. It asks to let everything you have not whitelisted run. Copy the file and select deny.
You got your sample and it did not run.
brewt
SIRT Handler Premium Member
Joined: May 29, 2007 Posts: 792 Location: USA
Posted: Wed Apr 02, 2008 6:37 pm Post subject:
I use a combination of Sandboxie and Malzilla to download files.
I never run them, even sandboxed.
I post VirusTotal results and links to the MIRT page.
nosirrah wrote:
> I like Process Guard
Is this still being updated?
Online Armor also does this, if I understand correctly.
MAPKOBKA
Lieutenant Premium Member
Joined: Jul 04, 2007 Posts: 163
Posted: Thu Apr 03, 2008 12:50 pm Post subject:
I use a couple of tools....
Main ones are:
Malzilla
Sandboxie
VMware Workstation
Tiny Watcher
Kaspersky Anti-Virus/Internet Security 8 HIPS
ANUBIS sandbox analyser
When first visiting a suspected malicious domain, I will download the source code using Malzilla (running inside Sandboxie just in case) and manually look through the source for suspicious code/script.
If I find something suspicious, I use Malzilla to save it to a file, and I collect all of these potential samples inside Sandboxie, disabling them by adding a _ to the end (e.g. load.exe_) to stop myself accidentally infecting myself.
I then either submit the samples to the ANUBIS sandbox for analysis, or let them loose inside my virtual machine (although bobby_ has mentioned that this method is becoming less effective)...and use Tiny Watcher/Kaspersky HIPS to track the changes and any files created or downloaded.
Finally, I collect any additional samples I can gather via the sandbox report or the virtual machine and submit them to VirusTotal and listserv.
_________________
Kaspersky Lab Forum Moderator
KL Cert PSP
Virusinfo.info External Specialist
Alliance of Security Analysis Professionals Member
http://malwarecrawler.com - honeypot@malwarecrawler.com
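The static part of the workflow in this post and in bobby_'s (pull the page source, read it for suspicious script, list what the page would load, save potential samples with a _ appended so they cannot be launched, and hash them for a VirusTotal lookup) can be approximated with a small triage script. The following is an added example written for this thread; it is not Malzilla's code or anything the posters published. The sample HTML and sample bytes are constructed, example.invalid is a placeholder host, and the indicator patterns are simple heuristics chosen for illustration, not detection signatures.

```python
"""Static triage of a captured page source (added example, not Malzilla's code).

Mirrors the thread's workflow: scan the saved source for suspicious script,
list what the page would pull in, decode %XX runs that unescape() would hide,
and store any sample as <name>_ (load.exe -> load.exe_) together with its
SHA-256 for a VirusTotal lookup. Nothing here executes or fetches anything;
every input is constructed inline.
"""
import hashlib
import re
import tempfile
import urllib.parse
from pathlib import Path

# Constructed sample page (not a real capture); example.invalid is a placeholder host.
SAMPLE_HTML = """<html><body>
<h1>Welcome</h1>
<iframe src="http://example.invalid/ld.php" width="1" height="1" style="visibility:hidden"></iframe>
<script>eval(unescape("%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65"));</script>
<script src="/jquery.js"></script>
</body></html>"""

# Constructed stand-in for a downloaded sample; not a real executable.
SAMPLE_BYTES = b"MZ\x90\x00constructed-not-a-real-binary"

# A long run of %XX escapes is what unescape()-based loaders usually carry.
PERCENT_RUN = re.compile(r"(?:%[0-9a-f]{2}){8,}", re.I)

# Heuristic indicators a reviewer would look for by hand: (name, pattern).
INDICATORS = [
    ("hidden_iframe", re.compile(
        r'<iframe[^>]*(?:width="?[01]"?|height="?[01]"?|visibility:\s*hidden|display:\s*none)[^>]*>', re.I)),
    ("eval_call", re.compile(r"\beval\s*\(", re.I)),
    ("unescape_call", re.compile(r"\bunescape\s*\(", re.I)),
    ("percent_encoded_run", PERCENT_RUN),
    ("document_write", re.compile(r"document\.write\s*\(", re.I)),
]

# src= attributes on tags that load external content.
SRC_ATTR = re.compile(r"<(iframe|script|object|embed)[^>]*\ssrc=[\"']?([^\"'\s>]+)", re.I)


def scan_source(html):
    """Return {indicator_name: hit_count} for every indicator that fires."""
    hits = {}
    for name, pattern in INDICATORS:
        count = len(pattern.findall(html))
        if count:
            hits[name] = count
    return hits


def referenced_resources(html):
    """List (tag, src) pairs: what the page would download if it were rendered."""
    return [(tag.lower(), src) for tag, src in SRC_ATTR.findall(html)]


def decode_percent_runs(html):
    """Decode long %XX runs so the reviewer can read what unescape() hides."""
    return [urllib.parse.unquote(run) for run in PERCENT_RUN.findall(html)]


def quarantine_sample(data, name, quarantine_dir):
    """Store a sample as <name>_ so it cannot be launched by double-click,
    and return (path, sha256) for the VirusTotal submission note."""
    folder = Path(quarantine_dir)
    folder.mkdir(parents=True, exist_ok=True)
    target = folder / (name + "_")  # load.exe -> load.exe_
    target.write_bytes(data)
    return target, hashlib.sha256(data).hexdigest()


def demo():
    """Run the whole triage over the constructed inputs and return the results."""
    with tempfile.TemporaryDirectory() as tmp:
        target, digest = quarantine_sample(SAMPLE_BYTES, "load.exe", tmp)
        stored_name, stored_size = target.name, target.stat().st_size
    return {
        "hits": scan_source(SAMPLE_HTML),
        "resources": referenced_resources(SAMPLE_HTML),
        "decoded": decode_percent_runs(SAMPLE_HTML),
        "stored_name": stored_name,
        "stored_size": stored_size,
        "sha256": digest,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

On the constructed page the scan flags the one-pixel hidden iframe, the eval/unescape pair and the %XX run, decodes that run to document.write, lists the iframe and external script the page would fetch, and stores the sample as load.exe_ with its SHA-256 ready to paste into VirusTotal. The decoded string is only the first layer; real loaders often nest several, so a reviewer re-runs the decode over each result, which is exactly the step Malzilla's decoder automates.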