Penetration Testing mailing list archives
Re: Malware URI list
From: Daniel Crowley <dcrowley () coresecurity com>
Date: Mon, 14 Mar 2011 12:04:51 -0400
IMO, a test of any antivirus system should include:

1) Several known malware samples.
2) At least one private, custom variation on a piece of malware. (AV companies will likely rip my head off for suggesting the creation of new malware, but to use 4chan terminology, this is analogous to "pissing in an ocean of piss". The problem isn't going to get much worse, especially if you isolate yourself and wipe the malware after tests.)
3) At least one private, custom piece of malware. (Same rant as above applies here)
4) A program which could potentially be used for malicious purposes or legitimate purposes. (One such as netcat or one of its variants, a silent VNC server installer, etc)

Evaluating detection rate is good, but take this into consideration: An employee of an AV company who will go unnamed recently told me that his company had done nothing but update the signatures for its product, not the heuristics, for the period of two years. This is one of the better AV products on the market, too.

As a side note, the EICAR test file is a known trigger for antivirus systems. Detecting or not detecting it is supposed to be an indication of whether or not your antivirus system is enabled, not whether it's doing a good job detecting malicious things.

Cheers,
--
dc

On 3/13/2011 12:11 AM, vedantamsekhar () gmail com wrote:
Eicar.com is a good one, but I think almost all AV scanners by default block them, as it is so well known. For evaluation of AV, we need to look for something which is not known to vendors and also safe to run on the system.

Thanks,
Sekhar

Sent from my Nokia phone

-----Original Message-----
From: Matias Katz
Sent: 11/03/2011 5:01:58 pm
To: navin1406 () yahoo com
Cc: arjunsam () gmail com; listbounce () securityfocus com; pen-test () securityfocus com
Subject: Re: Malware URI list

Did you mean eicar.com ?

If so, you can download it from http://www.eicar.org/download/eicar.com.txt

The AV shouldn't let you download it.

You can also test your Anti-SPAM filters with GTUBE: http://spamassassin.apache.org/gtube/

Also, I've developed a keylogger in C# which should also trigger your AV alerts: http://www.matiaskatz.com/k-log

Don't worry, the app is harmless. It will only leave a TXT file in your C:\ and show an alert message every 2 minutes. But it should test your AV strength

Good luck!

Matias Katz
matias () matiaskatz com
GPG: 0x8C7C3B7E

On 11/03/11 03:26, navin1406 () yahoo com wrote:

Try aicar.com.

Thanks

------Original Message------
From: arjunsam () gmail com
Sender: listbounce () securityfocus com
To: pen-test () securityfocus com
Subject: Malware URI list
Sent: Mar 10, 2011 08:04

Guys,

I'm working on assessing the detection rate of some Anti-Virus solutions. Do any of you guys have a list of malware URIs and are willing to share it for my testing?

Thanks,
Arjun

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Sent on my BlackBerry® from Vodafone