I think this site could be usefull for your research: http://www.offensivecomputing.net/ Regards / Cordiali saluti, Gabriele Zanoni Secure Network S.r.l. Via Venezia, 23 - 20099 Sesto San Giovanni (MI) - Italia Tel: +39 02.24126788 Mobile: +39 340.4820795 email: g.zanoni@xxxxxxxxxxxxxxxx web: www.securenetwork.it Il Tuesday 02 September 2008 12:06:47 Steve.Coleman@xxxxxxxxxx ha scritto: > I am currently working on a research project and designing an application > specifically aimed at locating malicious logic embedded in source code > (C/C++ for now, other languages will be addressed later). As a test of the > future implementation I would like to use as many real life examples of > code as possible. Anything that was known to have been compromised, had a > backdoor, easter egg, or other forms of malicious or undesired logic would > make a good test, or at least be a 'more fair' test than anything I might > write myself. > > Because those malicious versions of Open Source projects are usually taken > off line just as soon as the incident is discovered, I am having a > difficult time in tracking down the specific examples that I am currently > aware of. I therefore would like to ask if anyone out there knows of any > collection/repository of malicious source code? If not, does anyone have > suggestions on specific version numbers of Open Source projects (or > available proprietary code) that I should be looking for across all the > various Internet archives? > > Thanks in advance! > > btw - Just to keep this thread even remotely on topic the answer is yes, I > am well aware that you can not prove a negative. So, we don't need to go > there. ;)
