I can give you a copy of rbot, that I used in a basics of malware analysis workshop. It connects to the botnet (irc server, domain name under your control), where it receives further instructions from botmaster (scan, ddos attack, upgrade, etc.). The bot itself isn't very sophisticated, no rootkit protection, just copies itself in system folder and makes an autorun entry in registry.
Other option is A or B variant of conficker, you can get it on http://www.offensivecomputing.net./ Once you understand how it hides itself, it's quite easy to find it and disable it.
Slashdot Mirror
I can give you a copy of rbot, that I used in a basics of malware analysis workshop. It connects to the botnet (irc server, domain name under your control), where it receives further instructions from botmaster (scan, ddos attack, upgrade, etc.). The bot itself isn't very sophisticated, no rootkit protection, just copies itself in system folder and makes an autorun entry in registry. Other option is A or B variant of conficker, you can get it on http://www.offensivecomputing.net./ Once you understand how it hides itself, it's quite easy to find it and disable it.