How do I get a virus intentionally to test this potential anti-virus program?

[lectrocrew]

My buddy says his AV software will protect my machine from any virus and repair anything in the event a virus does penetrate his protection.
 So I made a wager with him that he may be right, but if not, he will pay for this machine. So, what's a preferable link to click to put this issue to the test?
 I'm serious, he has the $ and I'm using one of my old PC's that is worth way less than his wager.
 I'll post the results - maybe on one of my other machines lol!
Thanks,
Mike

[ninjatex]

Call up a computer repair shop, ask for the viruses from their quarantine and they might be nice enough to give them to you, assuming they don't care about liability. You could also search for programs online that promise to hack online games, those are almost a sure bet to have viruses in them.

Just make sure the computer you run them on is offline -- you don't want your computer to be used by the viruses to spread themselves or be involved in credit card fraud.. or worse.

[Linux711]

I used to have a link to a site that had an RSS feed of viruses (intentionally), but it's on my home PC. I'll look for it later.

[Sidewinder]

Check out this site. The files are harmless but will (or should) trip your AV software into action.

Good luck. 

[Linux711]

Here it is:

http://malc0de.com/rss/

Basically each exe in those links contains malware.

[DaveLembke]

Going to check into those links myself for malware for testing. I use to host honeypots to snag hackers and get them to plant tools etc. Then after they have taken over a system, offline it and analyze further. I would intentionally put a system up that looked like a legit business system etc and intentionally have an exploit vulnerability on it for point of entry and let them in and infect it etc. Lots used the Black VNC exploit for easy entry. After the system is done from checking into what they did, I'd push ghost image to it off of a DVD-R and bring it back to clean running with exploit ready for the next hacker to use the same way in. Lots of EXE's were snagged thru that process, but mostly kiddie scripts, malware written by someone other than the hacker. The most common TSR's were keyloggers, although I stopped servving up honeypots when someone tried to turn my honeypot into a relay point for P2P. When I saw that, I was like ok it was fun baiting them, but its now too dangerous if my honeypot can come back and bite me.