AV 2009 (Not being Detected)

I assume we can also send files that are NOT being detected by CAV 3.

I zipped & submitted AV 2009 with Subject “INFECTED” and password “infected”. Does CAV also detect rogue software? Anyway, it’s off to the labs.

Josh

Here is the Report by CIMA.

Josh

[attachment deleted by admin]

keep sending them to us pls…
thanks
Melih

:slight_smile:

I’m getting the impression that CIMA detects malware installers:
http://camas.comodo.com/cgi-bin/submit?file=6196c4065e1c4105bab81bc2b4bea41c086108a3a00aa93639660a87bbcf6508

but not the malware files which are installed:
http://camas.comodo.com/cgi-bin/submit?file=2b2678c701c94fc0de244dc2e7061fb3a89dccfca05a6c1ef6469fd3e7cf9193

DarthTrader

The “problem” is this.

If you have a rogue AV download, then when you try to install it, it looks like a normal application and you have to press buttons like Next and Finish.

BUT!! If the malware downloader is active, it will “pre-script” it and silently install the AV.

I’m not sure if CIMA can “play user behavior” already.

You are 100% right, Ronny. We are working on the user behaviour simulation.

Melih

So you guys can also detect rogues with this behavior simulation? I guess part of the reason is also the heuristics which you mentioned will be available in the coming months…

Josh

Yes, it will detect the tricks malware authors use that require user interaction. CIMA already uses heuristics, but like you said, we have even better heuristics coming soon.

Melih

Yes, I know heuristics are in CIMA already. :slight_smile:

And looking forward to it!

Josh