I'm developing an Intrusion Detection System program....right now, I have written some of the code, but I'm having a lot of difficulty testing it, because I don't have any virus infected systems to test the code on....is there any way I can develop a worm just for testing purposes?...or is there any other way to check for malicious data ?
well it depends, are you scanning the viruses using static analysis i.e checksum MD5, and disassembly - and checking for malcious code signatures, or are you emulating the the virus? there are other methods, sometimes both are used.
Because if you are doing a simple md5 checksum scan you could get a virus sample, add the checksum to the database and check if it picks it up. Or run the virus and your AV in a virtual system thus not harming your pc-but watch some vruses are made to detect and escape the virtual system, or not work correctly if it detects the VM.
The only real reason for developing your own virus to use for testing is if you had to be using emulation as your AV would then check for any irregularities in the operation of the program such as deleting files etc and flag it as malicious. Or when you could develop your own virus and record its md5 in your database and check if your AV picks it up and removes it or what not, that would be the first testing phase because then atleast you know eactly where to find the virus and how to remove it, when using real world viruses much research on the individual viruses 'movements' are needed threatexpert should help with that.
all right...i think i'll run the virus and AV on a virtual machine...that should be safe....thanks!!