Selection of malware for the testing antiviruses for the treatment of active infections II
Selection of malicious programs for the testing antivirus products for the treatment of active infections (second test).
For the purposes of testing antivirus programs for the treatment of active infections, the expert group from Anti-Malware.ru selected 17 malicious programs based on the following criteria:
- Detection of the parent file by all of the antivirus solutions tested.
- Ability to mask the malicious program’s presence in the system.
- Ability to interfere with the installation and operation of the antivirus solutions.
- Ability to recover after deletion some program components.
- All malicious programs had to be sufficiently widespread and well known.
During the selection of the malicious programs to be used for testing, preference was given to the most sophisticated samples that met the above criteria to the greatest extent.
It should be noted that a critical parameter for the selection of the malicious programs to be used for testing was the detection by all antivirus products tested of the malicious programs selected.
All of the malicious programs used for testing were in the wild samples, i.e., they were collected as they spread over the Internet (in the wild).
The following malicious programs were selected for analysis (the Kaspersky Lab classification is used here):
- Adware.Win32. Look2me.ab
- Adware. Win32.NewDotNet
- AdWare.Win32.Virtumonde.bq
- Backdoor.Win32.Haxdoor.ix
- Backdoor.Win32.PcClient.ca
- Email-Worm.Win32.Scano.ac
- Trojan-Clicker.Win32.Costrat.l
- Trojan-Downloader.Win32.Agent.brr
- Trojan-Downloader.Win32.Agent.brk
- Trojan-Proxy.Win32.Agent.lb
- Trojan-Proxy.Win32.Wopla.ag
- Trojan-Proxy. Win32.Xorpix.ba
- Trojan-Spy.Win32.Bancos.aam
- Trojan-Spy.Win32.Goldun.ls
- Virus.Win32.Gpcode.af
- Rootkit.Win32.Agent.ea
- SpamTool.Win32.Agent.u
Each malicious program sample was tested for correct installation and operation on the test system.
Until publication of the results of this test, the list of malicious programs was kept secret and was not provided to any of the vendors whose antivirus products were used.
Search
User login
Poll
Recent blog posts
- Russian antivirus market continues to grow
- VoIP hackers strike Perth business
- Will EDoS be the next DDoS?
- Why you should not use ‘OR 1=1’ when testing for SQL injection
- 12 security suites tested and 12 security suites fail
- I lost my login, and we are starting a new company too
- Turbo-charged wireless hacks threaten networks
- Russia’s antivirus market doubles in size
- Eset vs. Anti-Malware.ru
- Regarding rumors about my affiliation with antivirus vendors
Strategic partners
Recent comments
49 weeks 1 day ago
2 years 1 week ago
2 years 2 weeks ago
2 years 5 weeks ago
2 years 15 weeks ago
2 years 19 weeks ago
2 years 19 weeks ago
2 years 19 weeks ago
2 years 34 weeks ago
2 years 45 weeks ago