Author Topic: AV 2009 (Not being Detected) (Read 11592 times)

3xist · « **on:** September 12, 2008, 09:31:57 PM »

I assume we can also send files that are NOT being Detected by CAV 3.

I zipped & submitted AV 2009 with Subject "INFECTED" and password "infected". Does CAV Also Detect Rouge Software? Anyway it's off to the labs.

Josh

3xist · « **Reply #1 on:** September 12, 2008, 09:35:53 PM »

Here is the Report by CIMA.

Josh

[attachment deleted by admin]

Melih · « **Reply #2 on:** September 12, 2008, 09:39:35 PM »

keep sending them to us pls..
thanks
Melih

3xist · « **Reply #3 on:** September 12, 2008, 09:41:33 PM »

Quote from: Melih on September 12, 2008, 09:39:35 PM

keep sending them to us pls..
thanks
Melih

DarthTrader · « **Reply #4 on:** September 12, 2008, 10:25:05 PM »

I'm getting the impression that CIMA detects malware installers:
http://camas.comodo.com/cgi-bin/submit?file=6196c4065e1c4105bab81bc2b4bea41c086108a3a00aa93639660a87bbcf6508

but not the malware files which are installed:
http://camas.comodo.com/cgi-bin/submit?file=2b2678c701c94fc0de244dc2e7061fb3a89dccfca05a6c1ef6469fd3e7cf9193

DarthTrader

Ronny · « **Reply #5 on:** September 13, 2008, 04:25:01 AM »

The "problem" is this.

If you have a rouge AV download then if you try to install it it looks like a normal application and you have to press buttons like next and finish.

BUT !! if the Malware downloader is active it will "pre-script" it and silent install the AV.

I'm not sure if CIMA can "play user behavior" already.

Melih · « **Reply #6 on:** September 13, 2008, 07:39:42 AM »

Quote from: Ronny on September 13, 2008, 04:25:01 AM

The "problem" is this.

If you have a rouge AV download then if you try to install it it looks like a normal application and you have to press buttons like next and finish.

BUT !! if the Malware downloader is active it will "pre-script" it and silent install the AV.

I'm not sure if CIMA can "play user behavior" already.

you are 100% right Ronny. We are working on the user behaviour simulation.

Melih

3xist · « **Reply #7 on:** September 13, 2008, 07:46:01 AM »

Quote from: Melih on September 13, 2008, 07:39:42 AM

you are 100% right Ronny. We are working on the user behaviour simulation.

Melih

So you guys can also detect Rouges with this behavior simulation? I guess part of the reason is also Heuristics which you mentioned will be available in the coming months...

Josh

Melih · « **Reply #8 on:** September 13, 2008, 07:48:16 AM »

Quote from: 3xist on September 13, 2008, 07:46:01 AM

So you guys can also detect Rouges with this behavior simulation? I guess part of the reason is also Heuristics which you mentioned will be available in the coming months...

Josh

yes it will detect the tricks malware authors put requiring user interaction. CIMA already uses Heuristic but like you said, we have even better heuristic coming soon.

Melih

3xist · « **Reply #9 on:** September 13, 2008, 07:50:22 AM »

Quote from: Melih on September 13, 2008, 07:48:16 AM

yes it will detect the tricks malware authors put requiring user interaction. CIMA already uses Heuristic but like you said, we have even better heuristic coming soon.

Melih

Yes I know Heuristics is in CIMA already.

And looking forward to it!

Josh

Author Topic: AV 2009 (Not being Detected) (Read 11592 times)

3xist

AV 2009 (Not being Detected)

3xist

Re: AV 2009 (Not being Detected)

Melih

Re: AV 2009 (Not being Detected)

3xist

Re: AV 2009 (Not being Detected)

DarthTrader

Re: AV 2009 (Not being Detected)

Ronny

Re: AV 2009 (Not being Detected)

Melih

Re: AV 2009 (Not being Detected)

3xist

Re: AV 2009 (Not being Detected)

Melih

Re: AV 2009 (Not being Detected)

3xist

Re: AV 2009 (Not being Detected)