In search of examples of malicious source code
I am currently working on a research project and designing an application
specifically aimed at locating malicious logic embedded in source code (C/C++
for now, other languages will be addressed later). As a test of the future
implementation I would like to use as many real life examples of code as
possible. Anything that was known to have been compromised, had a backdoor,
easter egg, or other forms of malicious or undesired logic would make a good
test, or at least be a 'more fair' test than anything I might write myself.
Because those malicious versions of Open Source projects are usually taken off
line just as soon as the incident is discovered, I am having a difficult time
in tracking down the specific examples that I am currently aware of. I
therefore would like to ask if anyone out there knows of any
collection/repository of malicious source code? If not, does anyone have
suggestions on specific version numbers of Open Source projects (or available
proprietary code) that I should be looking for across all the various Internet
archives?
Thanks in advance!
btw - Just to keep this thread even remotely on topic the answer is yes, I am
well aware that you can not prove a negative. So, we don't need to go there. ;)