Penetration Testing mailing list archives
Re: Malware URI list
From: Todd Haverkos <infosec () haverkos com>
Date: Mon, 14 Mar 2011 10:46:26 -0500
eicar.com is NOT a good suggestion for Arjun's original request of known malware URIs for use in testing the relative efficacy of Anti-virus products. Pretty much all AVs are going to know of the EICAR test file, and, as such, "Yes, the AV detects the EICAR test file" tells you only whether a given AV solution as-installed is working at all. Unfortunately it is useless in a comparative test of efficacy against modern malware.

One Malware URI database that I have bookmarked is
http://www.malwareurl.com/listing-urls.php
I have no idea whether it's a good one or not, though.

Doing comparative AV testing is really really hard, and grabbing representative samples that are truly in the wild and fresh is among the biggest challenges. There are groups who are esteemed for doing a rather good job of it though... NSS Labs among them. Their consumer AV results are available for free, but you'll have to pay for Enterprise AV results.
http://www.nsslabs.com/research/endpoint-security/anti-malware/
That's not unreasonable because it takes a lot of effort to do such testing correctly.

AVComparatives is also oft-mentioned. Their results should be worth a look as well.
http://www.av-comparatives.org/

Arjun, you might also be interested in a podcast... I'd heard a podcast with the NSS Labs guys where they were interviewed about their work testing AV and also mentioning the exploit marketplace they were launching. Unfortunately I can't remember which of the podcasts I follow they were on. Maybe this one?
http://exoticliability.libsyn.com/exotic-liability-66-exploit-hub
or
http://www.mckeay.net/2010/03/16/network-security-podcast-episode-189/

Also perhaps of interest was this podcast that was focused on comparative testing on a rather specific threat. I may not answer your original question, but may guide you in your testing methodology:
http://www.nsslabs.com/resources/webinars/videos/podcast:-gene-kim-and-rick-moy-dscuss-the-aurora-attacks.html

Good luck! We'd love to hear your results.

--
Todd Haverkos, LPT MsCompE
http://haverkos.com/

"vedantamsekhar () gmail com" <vedantamsekhar () gmail com> writes:
Eicar.com is a good one, but I think almost all AV scanners by default block it, as it is so well known. For evaluation of AV, we need to look for something which is not known to vendors and also safe to run on the system.

Thanks,
Sekhar
Sent from my Nokia phone

-----Original Message-----
From: Matias Katz
Sent: 11/03/2011 5:01:58 pm
To: navin1406 () yahoo com
Cc: arjunsam () gmail com; listbounce () securityfocus com; pen-test () securityfocus com
Subject: Re: Malware URI list

Did you mean eicar.com? If so, you can download it from
http://www.eicar.org/download/eicar.com.txt
The AV shouldn't let you download it.

You can also test your Anti-SPAM filters with GTUBE:
http://spamassassin.apache.org/gtube/

Also, I've developed a keylogger in C# which should also trigger your AV alerts:
http://www.matiaskatz.com/k-log
Don't worry, the app is harmless. It will only leave a TXT file in your C:\ and show an alert message every 2 minutes. But it should test your AV strength.

Good luck!

Matias Katz
matias () matiaskatz com
GPG: 0x8C7C3B7E

On 11/03/11 03:26, navin1406 () yahoo com wrote:

Try aicar.com.

Thanks

------Original Message------
From: arjunsam () gmail com
Sender: listbounce () securityfocus com
To: pen-test () securityfocus com
Subject: Malware URI list
Sent: Mar 10, 2011 08:04

Guys,

I'm working on assessing the detection rate of some Anti-Virus solutions. Do any of you guys have a list of malware URIs and are you willing to share it for my testing?

Thanks,
Arjun

------------------------------------------------------------------------
Current thread:
- Malware URI list arjunsam (Mar 10)
- Re: Malware URI list David Maciejak (Mar 11)
- Re: Malware URI list Hristiyan Lazarov (Mar 14)
- <Possible follow-ups>
- Re: Malware URI list navin1406 (Mar 10)
- Re: Malware URI list navin1406 (Mar 11)
- RE: Malware URI list Gurdeep dhilllon (Mar 11)
- Re: Malware URI list Matias Katz (Mar 11)
- Re: Malware URI list Sandeep Cheema (Mar 11)
- RE: Malware URI list vedantamsekhar () gmail com (Mar 14)
- Re: Malware URI list Todd Haverkos (Mar 14)
- Re: Malware URI list Daniel Crowley (Mar 14)
- Re: Malware URI list AK (Mar 14)