Penetration Testing mailing list archives

Re: Malware URI list


From: Daniel Crowley <dcrowley () coresecurity com>
Date: Mon, 14 Mar 2011 12:04:51 -0400

IMO, a test of any antivirus system should include:

1) Several known malware samples.
2) At least one private, custom variation on a piece of malware. (AV
companies will likely rip my head off for suggesting the creation of new
malware, but to use 4chan terminology, this is analogous to "pissing in
an ocean of piss". The problem isn't going to get much worse, especially
if you isolate yourself and wipe the malware after tests.)
3) At least one private, custom piece of malware. (Same rant as above
applies here)
4) A program which could potentially be used for malicious purposes or
legitimate purposes. (One such as netcat or one of its variants, a
silent VNC server installer, etc)

Evaluating detection rate is good, but take this into consideration: An
employee of an AV company who will go unnamed recently told me that his
company had done nothing but update the signatures for its product, not
the heuristics, for the period of two years. This is one of the better
AV products on the market, too.

As a side note, the EICAR test file is a known trigger for antivirus
systems. Detecting or not detecting it is supposed to be an indication
of whether or not your antivirus system is enabled, not whether it's
doing a good job detecting malicious things.

Cheers,
--
dc

On 3/13/2011 12:11 AM, vedantamsekhar () gmail com wrote:
Eicar.com is a good one, but I think almost all AV scanners block it by default, as it is so well known.
For evaluation of AV, we need to look for something which is not known to vendors and also safe to run on the system.

Thanks,
Sekhar

Sent from my Nokia phone
-----Original Message-----
From: Matias Katz
Sent:  11/03/2011 5:01:58 pm
To: navin1406 () yahoo com
Cc: arjunsam () gmail com; listbounce () securityfocus com; pen-test () securityfocus com
Subject:  Re: Malware URI list

Did you mean eicar.com ?

If so, you can download it from http://www.eicar.org/download/eicar.com.txt

The AV shouldn't let you download it.

You can also test your Anti-SPAM filters with GTUBE:
http://spamassassin.apache.org/gtube/

Also, I've developed a keylogger in C# which should also trigger your AV
alerts: http://www.matiaskatz.com/k-log

Don't worry, the app is harmless. It will only leave a TXT file in your
C:\ and show an alert message every 2 minutes. But it should test your
AV strength

Good luck!

Matias Katz

matias () matiaskatz com
GPG: 0x8C7C3B7E


On 11/03/11 03:26, navin1406 () yahoo com wrote:
Try aicar.com. Thanks
------Original Message------
From: arjunsam () gmail com
Sender: listbounce () securityfocus com
To: pen-test () securityfocus com
Subject: Malware URI list
Sent: Mar 10, 2011 08:04

Guys,

I'm working on assessing the detection rate of some Anti-Virus solutions. Do any of you guys have a list of malware URIs and are willing to share it for my testing?

Thanks,
Arjun

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------



Sent on my BlackBerry® from Vodafone


