How much faith can we put in anti-virus scanners?
Written by Administrator   
Thursday, 14 August 2008 17:08

A) Not much, I'm afraid.

This week my clients have been bombarded with malware via e-mail from a variety of sources. A lot of it is getting through even layered defences. Here's a sample of one e-mail attachment, a spoofed invoice for a flight from a reputable airline, and how it was scanned by the various anti-virus vendors.

These results are not good...

Complete scanning result of "ticket_983992.exe", processed in VirusTotal at 08/15/2008 00:45:45 (CET).

[ file data ]
* name..: ticket_983992.exe
* size..: 31064
* md5...: a406859197c18a46fdaa06cef3e21cd7
* sha1..: a23a44ac44a534e4a5831452fb005cd4291e8bd1
* peid..: -

[ scan result ]
AhnLab-V3 2008.8.15.0/20080814 found nothing
AntiVir 7.8.1.19/20080814 found [TR/Crypt.ULPM.Gen]
Authentium 5.1.0.4/20080814 found [W32/Trojan-Gypikon-based.DM2!Maximus]
Avast 4.8.1195.0/20080814 found nothing
AVG 8.0.0.161/20080814 found nothing
BitDefender 7.2/20080815 found [Trojan.Crypt.EE]
CAT-QuickHeal 9.50/20080814 found [(Suspicious) - DNAScan]
ClamAV 0.93.1/20080814 found nothing
DrWeb 4.44.0.09170/20080814 found nothing
eSafe 7.0.17.0/20080814 found nothing
eTrust-Vet 31.6.6032/20080814 found nothing
Ewido 4.0/20080814 found nothing
F-Prot 4.4.4.56/20080814 found [W32/Trojan-Gypikon-based.DM2!Maximus]
F-Secure 7.60.13501.0/20080814 found nothing
Fortinet 3.14.0.0/20080814 found nothing
GData 2.0.7306.1023/20080814 found nothing
Ikarus T3.1.1.34.0/20080814 found nothing
K7AntiVirus 7.10.415/20080814 found nothing
Kaspersky 7.0.0.125/20080815 found nothing
McAfee 5361/20080814 found nothing
Microsoft 1.3807/20080815 found nothing
NOD32v2 3357/20080814 found nothing
Norman 5.80.02/20080814 found nothing
Panda 9.0.0.4/20080814 found [Suspicious file]
PCTools 4.4.2.0/20080814 found nothing
Prevx1 V2/20080815 found nothing
Rising 20.57.32.00/20080814 found nothing
Sophos 4.32.0/20080814 found nothing
Sunbelt 3.1.1542.1/20080813 found nothing
Symantec 10/20080815 found nothing
TheHacker 6.3.0.3.046/20080813 found nothing
TrendMicro 8.700.0.1004/20080814 found [Mal_Banker]
VBA32 3.12.8.3/20080814 found nothing
ViRobot 2008.8.14.1337/20080814 found nothing
VirusBuster 4.5.11.0/20080814 found nothing
Webwasher-Gateway 6.6.2/20080814 found [Trojan.Crypt.ULPM.Gen]

Via http://www.virustotal.com/

 

Last Updated on Wednesday, 18 March 2009 15:12