Malware creation breaks all records! 160,000 new samples every day

Page 2 of 2 FirstFirst 12

  1. Posts : 4,566
    Windows 10 Pro

    Well if windows phones numbers stay as low as they are, it's not a bad choice :) The added benefit is if the numbers stay low, it might die off like the kin. I don't want that to happen. Just saying. Extremely low market share. But in security that is a good thing.

    I use a custom secure rom for android and I like it. Gives me functionality I need with UAC like protection on the phone.
      My Computer

  2. Posts : 10,485
    W7 Pro SP1 64bit

    As far as I can tell*, VT does not use behavioral heuristics. They don't run the malware and see what it does. They can only make use of an AV's analytical heuristics (e.g. we think that this code will delete all of your files). Analytical heuristics is thwarted by some types of code obfuscation and encrypting payload files.

    *but I did not spend a whole lot of time on this. I researched it years ago. I like the VT tool. Perhaps I'm too cautious/critical of those mining data from VT.

    Perhaps the "stronger" heuristics is just "higher than default settings":
    Some of the solutions included in VirusTotal are parametrized (in coherence with the developer company's desire) with a different heuristic/agressiveness level than the official end-user default configuration.
    False positives at VT will not quarantine a critical OS file. Hence the highest settings possible.
      My Computer

  3. Posts : 54,463
    Windows 10 Home x64
    Thread Starter

    I have a believe that these new malware are a shotgun approach. Picking off the low hanging fruit. My suspicion is there are perhaps a handful of really carefully crafted, polymorphic malware that remain undetected throughout. They defy behavioral analysis, and change before they are detected. These may go undetected for years, or never be detected. Just a thought, I have never seen it mentioned. A Guy
      My Computer

  4. Posts : 568
    Windows 7 64-bit, Windows 8.1 64-bit, OSX El Capitan, Windows 10 (VMware)

    Running the malware to see what it does would require a VM, or a sandbox of sort, prior to allowing it to run in the target system. The performance of such protection would be slow for the end users. Most AVs use heuristic approach, that is signature based with wildcard characters, that protects against "copy cat" malware.

    I do mass emailing on a periodic basis, by using a service in the cloud. Once the mass email has been created, it is tested against a dozens of spam filtering engines. If the email is flagged as spam, it provides a suggested change to evade being flagged as spam. How does this relate the subject? Well, most malware creators use similar method, where they test their malware against AV engines. The chances are that their test isn't in the cloud, but they do test the new code against the latest/greatest AVs that includes heauristic/behavior based tests.
      My Computer

  5. Posts : 10,485
    W7 Pro SP1 64bit

    Cr00zng said:
    Running the malware to see what it does would require a VM...
    Which I don't think VirusTotal does.
    Which means there is no analysis of the file's behavior.
    Which means the "stronger heuristics" in the FAQ refers to analytical heuristics, not behavioral heuristics.
    Which is a much weaker test than you can do with you local AV tool.

    "Stronger" is Google's poor choice of words. VT is simply using a more aggressive heuristics setting for the limited/weaker type of heuristics testing that they can do.

    The research lab (or perhaps just the article's author) mentioned an average of two days for a set of circumstances. Readers of the article jump to the conclusion that this is how long it takes AV companies to process a file. Your conclusion was, "The conclusion is that the AV will protect the system against known malware only and releasing a definition for new malware will take at least two days."

    I'm not sure that this is a correct conclusion.

    If the file had shown up on a computer protected by (let's say AVAST), then that same file could be flagged within minutes if the behavioral heuristics analyses found it to be bad. That same file could be in AVAST's signature list within hours... not days.

    Do we even know for sure that the files submitted to VT are forwarded on to each AV company for processing? If they are, do the AV companies put them at the top of the list of files to be analyzed further? Or are files that come from real customers with real computers at the top of that list? How many files that are submitted to VT are not in the wild? (e.g. never make it to a real computer).
      My Computer

Page 2 of 2 FirstFirst 12

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 02:16.
Find Us