Penetration Testing mailing list archives

Re: Malware URI list


From: Todd Haverkos <infosec () haverkos com>
Date: Mon, 14 Mar 2011 10:46:26 -0500


eicar.com is NOT a good suggestion for Arjun's original request of
known malware URIs for use in testing the relative efficacy of
Anti-virus products.  Pretty much all AVs are going to know of the
EICAR test file, and, as such, "Yes, the AV detects the EICAR test
file" tells you only whether a given AV solution as-installed is
working at all.  Unfortunately it is useless in a comparative test of
efficacy against modern malware.

One Malware URI database that I have bookmarked is
    http://www.malwareurl.com/listing-urls.php  
I have no idea whether it's a good one or not, though. 

Doing comparative AV testing is really really hard, and grabbing
representative samples that are truly in the wild and fresh is among
the biggest challenges.  There are groups who are esteemed for doing a
rather good job of it though... NSS Labs among them.  Their consumer
AV results are available for free, but you'll have to pay for
Enterprise AV results. 
       http://www.nsslabs.com/research/endpoint-security/anti-malware/
That's not unreasonable because it takes a lot of effort to do such
testing correctly. 

AVComparatives is also oft-mentioned.  Their results should be worth a
look as well.  http://www.av-comparatives.org/   


Arjun you might also be interested in a podcast... I'd heard a podcast
with the NSS Labs guys where they were interviewed about their work
testing AV and also mentioning the exploit marketplace they were
launching.   Unfortunately I can't remember which of the podcasts I
follow they were on. Maybe this one? 
       http://exoticliability.libsyn.com/exotic-liability-66-exploit-hub
or 
       http://www.mckeay.net/2010/03/16/network-security-podcast-episode-189/

Also perhaps of interest  was this podcast that was focused on
comparative testing on a rather specific threat.  I may not answer
your original question, but may guide you in your testing methodology: 
     http://www.nsslabs.com/resources/webinars/videos/podcast:-gene-kim-and-rick-moy-dscuss-the-aurora-attacks.html

Good luck! We'd love to hear your results. 

--
Todd Haverkos, LPT MsCompE
http://haverkos.com/



"vedantamsekhar () gmail com" <vedantamsekhar () gmail com> writes:
Eicar.com is a good one, but I think almost all AV scanners by default
block it, as it is so well known.  For evaluation of AV, we need to
look for something which is not known to vendors and also safe to
run on the system.

Thanks,
Sekhar

Sent from my Nokia phone
-----Original Message-----
From: Matias Katz
Sent:  11/03/2011 5:01:58 pm
To: navin1406 () yahoo com
Cc: arjunsam () gmail com; listbounce () securityfocus com; pen-test () securityfocus com
Subject:  Re: Malware URI list

Did you mean eicar.com ?

If so, you can download it from http://www.eicar.org/download/eicar.com.txt

The AV shouldn't let you download it.

You can also test your Anti-SPAM filters with GTUBE:
http://spamassassin.apache.org/gtube/

Also, I've developed a keylogger in C# which should also trigger your AV
alerts: http://www.matiaskatz.com/k-log

Don't worry, the app is harmless. It will only leave a TXT file in your
C:\ and show an alert message every 2 minutes. But it should test your
AV strength

Good luck!

Matias Katz

matias () matiaskatz com
GPG: 0x8C7C3B7E


On 11/03/11 03:26, navin1406 () yahoo com wrote:
Try aicar.com. Thanks
------Original Message------
From: arjunsam () gmail com
Sender: listbounce () securityfocus com
To: pen-test () securityfocus com
Subject: Malware URI list
Sent: Mar 10, 2011 08:04

Guys,

I'm working on assessing the detection rate of some Anti-Virus solutions. Do any of you guys have a list of
malware URIs that you are willing to share for my testing?

Thanks,
Arjun
