funsec mailing list archives
RE: Consumer Reports Slammed for Creating 'Test' Viruses
From: Peter Kosinar <goober () nuf ksp sk>
Date: Thu, 17 Aug 2006 02:09:05 +0200 (CEST)
Hello guys,

Let's ignore the ethical point of view (= that they shouldn't have created the viruses; regardless of the purpose of doing so) for now... There are two things which I find rather interesting from the scientific standpoint (they might reveal what this test actually measured, if anything ;-) ).
Quoting from the original announcement:
To pit the software against novel threats not identified on signature lists, we created 5,500 new virus variants derived from six categories of known viruses, the kind you'd most likely encounter in real life. That done, we unleashed the new viruses in our labs to see how well the products detected them while scanning. Then we infected our lab computer with each of 185 of them to see whether the products could better detect viruses that were actively executing, based on their behavior.
Question #1: So, they created 5500 new variants but infected the computer with 185 viruses... Why? What was so special about them?
Question #2: -How- did they create these "new variants"? I've seen tons of amateur attempts to "evaluate how AVs can detect modified variants of existing malware". In most cases, it turned out that they simply took an existing piece of malware and got rid of -visible strings- by replacing them with spaces/their own strings/etc... including strings like "KERNEL32.DLL" or "GetProcAddress" used for imports ;-)
Does anyone have more information about the approach taken by ConsumerReports?
Peter

--
[Name] Peter Kosinar   [Quote] 2B | ~2B = exp(i*PI)   [ICQ] 134813278
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.