Selection of malware for testing antivirus products for the treatment of active infections II

Selection of malicious programs for testing antivirus products for the treatment of active infections (second test).

For the purposes of testing antivirus programs for the treatment of active infections, the expert group from Anti-Malware.ru selected 17 malicious programs based on the following criteria:

  1. Detection of the parent file by all of the antivirus solutions tested.
  2. Ability to mask the malicious program’s presence in the system.
  3. Ability to interfere with the installation and operation of the antivirus solutions.
  4. Ability to recover after some program components are deleted.
  5. All malicious programs had to be sufficiently widespread and well known.

During the selection of the malicious programs to be used for testing, preference was given to the most sophisticated samples that met the above criteria to the greatest extent.

A critical requirement in selecting the malicious programs was that every selected sample be detected by all of the antivirus products tested.

All of the malicious programs used for testing were in-the-wild samples, i.e., they were collected as they spread over the Internet.

The following malicious programs were selected for analysis (the Kaspersky Lab classification is used here):

  1. Adware.Win32.Look2me.ab
  2. Adware.Win32.NewDotNet
  3. AdWare.Win32.Virtumonde.bq
  4. Backdoor.Win32.Haxdoor.ix
  5. Backdoor.Win32.PcClient.ca
  6. Email-Worm.Win32.Scano.ac
  7. Trojan-Clicker.Win32.Costrat.l
  8. Trojan-Downloader.Win32.Agent.brr
  9. Trojan-Downloader.Win32.Agent.brk
  10. Trojan-Proxy.Win32.Agent.lb
  11. Trojan-Proxy.Win32.Wopla.ag
  12. Trojan-Proxy.Win32.Xorpix.ba
  13. Trojan-Spy.Win32.Bancos.aam
  14. Trojan-Spy.Win32.Goldun.ls
  15. Virus.Win32.Gpcode.af
  16. Rootkit.Win32.Agent.ea
  17. SpamTool.Win32.Agent.u

Each malicious program sample was tested for correct installation and operation on the test system.

Until publication of the results of this test, the list of malicious programs was kept secret and was not provided to any of the vendors whose antivirus products were used.