Modern Warfare 2012

Rootkit, Bootkit, Adware, Backdoor, BHO, Downloader, Email Worm, Exploit, Flooder, Hack Tool, Hoax, Script, HTML, VB, JS, Bat, Fat, Net Worm, P2P Worm, Packed, Constructor, Packer, SQL, IM Worm, PWS, Spy, Dropper, Banker, Clicker, Proxy, SMS, GameThief, Ransom, Virus, Worm, Spyware, Fake AV, Fraud, Win32, Win64, Android…

 

Above is a list detailing just some of the malware categories MRG Effitas processes in its labs. Each individual category of malware may have tens or hundreds of thousands of variants. Each and every day, each category will spawn tens of thousands more variants.

The war is on, let’s work smart and join forces and win it!


MRG Effitas Team.

Single Product Flash Test – Sourcefire Immunet Plus, December 2011

Single Product Flash Test

Product: Sourcefire Immunet Plus

Product Version: 3.0.5.7688

Operating System: Windows 7 32-Bit

Amount of samples used: 50

Results Table:

 

| Trojans Set 1 | Trojans Set 2 | Backdoors | Spy/PWS | Other |
| --- | --- | --- | --- | --- |
| Cidox | Mudrop | Bifrose | Zeus | TDSS |
| Rimecud | Hiloti | Ursap | Qbot | Obfuscated |
| Cosmu | Ramnit | Dsbot | Banker | Ransom |
| Yakes | Liac | Zegost | Dybalom | Bybz |
| Genome | Midgare | Poison | Kykymber | AutoIt |
| Inject | Banload | Turkojan | LdPinch | Pdfka |
| Delf | Renos | Begman | Banbra | ZAccess |
| Dipel | Pincav | Cycbot | SpyEye | Alureon |
| Menti | FakeSysdef | Koutodoor | Carberp | Vobfus |
| Jorik | Refroso | Hupigon | Pophot | FakeAV |

 

System Status: Secure

Legend:

Green – Passed

Red – Failed

Single Product Flash Test – SUPERAntispyware Professional, December 2011

Single Product Flash Test

Product: SUPERAntispyware Professional

Product Version: 5.0.4412

Operating System: Windows 7 32-Bit

Amount of samples used: 50

Results Table:

 

| Trojans Set 1 | Trojans Set 2 | Backdoors | Spy/PWS | Other |
| --- | --- | --- | --- | --- |
| Menti | Delf | Ruskill | Usteal | Alureon |
| Inject | Frijoiner | Shark | Zeus | FakeAV |
| Sasfis | Vilsel | Bifrose | Banker | Ransom |
| Refroso | Dapato | Hupigon | Bancos | Krap |
| Swisyn | Liac | Kredoor | QQPass | AutoRun |
| Pasta | Scar | DsBot | SpyEye | ZAccess |
| Rbot | Malf | AgoBot | Carberp | TDSS |
| Yakes | Ircbrute | Poison | Fingotok | VBNA |
| Zmunik | Jorik | Turkojan | Sinowal | Sality |
| Buzus | Small | Optix | Ruftar | Kokab |

 

System Status: Compromised

Legend:

Green – Passed

Red – Failed

Single Product Flash Test – ESET Nod32 Antivirus, December 2011

Single Product Flash Test

Product: ESET Nod32 Antivirus

Product Version: 5.0.94.0

Operating System: Windows 7 32-Bit

Amount of samples used: 50

Results Table:

 

| Trojans Set 1 | Trojans Set 2 | Backdoors | Financial Malware | Other |
| --- | --- | --- | --- | --- |
| MMM | Scar | Rbot | Kykymber | FakeAV |
| Pasta | Zapchast | Poison | Sinowal | VBNA |
| Menti | Pakes | Cycbot | Bancos | Cidox |
| Jorik | Bredolab | Cazdoor | Zeus | Dracur |
| ServStart | Diple | Mytobor | Carberp | AutoIt |
| Skills | Rincux | Hupigon | Banbra | Vobfus |
| Hiloti | Sasfis | Xtrat | Tepfer | Alureon |
| Renos | Renum | Shiz | SpyEye | TDSS |
| Midgare | Small | Buterat | QQShou | Ransom |
| Inject | Swisyn | Gobot | Banker | ZAccess |

 

System Status: Compromised

Legend:

Green – Passed

Red – Failed

Single Product Flash Test – Zemana AntiMalware, November 2011

Single Product Flash Test

Product: Zemana AntiMalware powered by HitmanPro

Product Version: 1.30

Operating System: Windows 7 32-Bit

Amount of samples used: 50

Results Table:

 

| Trojans Set 1 | Trojans Set 2 | Backdoors | Financial Malware | Other |
| --- | --- | --- | --- | --- |
| Menti | Liac | Bifrose | Banker | Pohernah |
| Webprefix | Jorik | Ceckno | Adramax | FakeAV |
| Banload | Inject | Hupigon | Zeus | Krap |
| Small | Mepaow | KeyStart | Wemon | AutoRun |
| Swisyn | Zmunik | Shark | Carberp | VBInject |
| Gluk | Buzus | Poison | Papras | Ngrbot |
| Scar | Bredolab | Kelihos | Vkont | BHO |
| Pher | Zapchast | Cycbot | Malintent | ZAccess |
| Injector | Pakes | Ruskill | Sinowal | Ransom |
| Vilsel | Gabba | Fynloski | SpyEye | Hamweq |

 

System Status: Compromised

Legend:

Green – Passed

Red – Failed

Orange – Remediation Attempt Successful

Because Zemana AntiMalware provides on-demand detection only (that is, it is designed to scan samples via the context menu, or to scan a whole system to detect active infections and then provide remediation), we have changed the testing methodology.

Malware samples were pulled from live URLs, verified in our labs and then testing was conducted as follows:

1) The malware samples were placed in a folder on the desktop and scanned using a context menu.

2) Each of the missed samples was executed on an individual clean image and then a full system scan was instigated.

3) After the scan and remediation attempt were complete, the image was compared to the clean snapshot to determine success or failure.

Single Product Flash Test – Emsisoft Anti-Malware, November 2011

Single Product Flash Test

Product: Emsisoft Anti-Malware

Product Version: 6.0.0.46

Operating System: Windows 7 32-Bit

Amount of samples used: 50

Results Table:

 

| Trojans Set 1 | Trojans Set 2 | Backdoors | Financial Malware | Other |
| --- | --- | --- | --- | --- |
| Gendal | Jorik | Cain | Banker | Krap |
| Rimecud | Genome | Hupigon | Bancos | Tibia |
| Menti | Vilsel | DsBot | Pophot | Koobface |
| Small | Swisyn | SdBot | Zeus | FakeAV |
| Banload | Inject | Dragonbot | Banker 2 | QQPass |
| Buzus | Oficla | HacDef | SpyEye | ZAccess |
| Sasfis | Zapchast | Bredavi | Carberp | Ransom |
| Midgare | Mudrop | Poison | Ruftar | TDSS |
| Yakes | Injector | Hodprod | Sinowal | AutoRun |
| Dynamer | Pincav | Rbot | Banbra | Alureon |

 

System Status: Secure

Legend:

Green – Passed

Red – Failed

Single Product Flash Test – Webroot SecureAnywhere Antivirus, November 2011

Single Product Flash Test

Product: Webroot SecureAnywhere Antivirus

Product Version: 8.0.0.66

Operating System: Windows 7 32-Bit

Amount of samples used: 50

Results Table:

 

| Trojans Set 1 | Trojans Set 2 | Backdoors | Worms | Other |
| --- | --- | --- | --- | --- |
| Diple | Sirefef | Poison | AutoRun | TDSS |
| Dugenpa | Banload | Cetorp | DarkBot | ZAccess |
| FakeSysdef | Inject | Cycbot | FlyStudio | Alureon |
| Injector | Malagent | Delf | Fujack | PornoAsset |
| Jorik | Otran | Hupigon | Kolab | FakeAV |
| Menti | Bizten | Papras | Ngrbot | Cidox |
| Monder | Pomnocup | Ruskill | Rochap | Qhost |
| Netport | Conhook | SdBot | Slenfbot | Banbra |
| Pakes | Harnig | Simda | Vobfus | Bancos |
| Scar | Dapato | Zegost | WBNA | Carberp |

 

System Status: Compromised

Legend:

Green – Passed

Red – Failed

Single Product Flash Test – DefenseWall HIPS, November 2011

Single Product Flash Test

Product: SoftSphere DefenseWall HIPS

Product Version: 3.15

Operating System: Windows 7 32-Bit

Amount of samples used: 50

Results Table:

 

| Trojan | Financial Malware | BackDoor | Rootkit/Bootkit | Other |
| --- | --- | --- | --- | --- |
| Jorik | Banker | FlyAgent | TDSS 1 | AutoRun |
| Swisyn | Goldun | Cycbot | TDSS 2 | Injector |
| Buzus | Zeus | Zegost | ZAccess 1 | FakeAV |
| Small | Sinowal | Rbot | ZAccess 2 | Kates |
| Inject | Usteal | Poison | Alureon 1 | AutoIt |
| Ircbrute | SpyEye | Hupigon | Alureon 2 | Obfuscated |
| Menti | Carberp | Wuca | Tent | Krap |
| Vilsel | LdPinch | Bifrose | ZAccess 3 | FakeAlert |
| Refroso | Adramax | Ripinip | Cidox | Cinmus |
| Ramnit | Banbra | Prorat | ZAccess 4 | Lmir |

 

System Status: Secure

Legend:

Green – Passed

Red – Failed

 

MRG Effitas Flash Tests – New Testing Specification

MRG Effitas is happy to announce that from now on we will be using a new testing specification for our Flash Tests. The methodology remains the same; however, we will now be using 200 0-day malware samples in each test.

List of participants by category:

Standalone Anti-Malware Applications:

Avira Antivir Premium
Avast Pro Antivirus
AVG Antivirus
BitDefender Antivirus
Emsisoft Anti-Malware
Eset Nod32 Antivirus
F-Secure Antivirus
GFI VIPRE Antivirus
IKARUS virus.utilities
Kaspersky Antivirus
Microsoft Security Essentials
McAfee Antivirus Plus
Panda Cloud Antivirus
SourceFire Immunet Plus
Symantec Norton Antivirus
Webroot SecureAnywhere

Complementary Anti-Malware Applications:

Malwarebytes’ Anti-Malware
SUPERAntispyware Professional
Zemana Anti-Malware powered by HitmanPro

HIPS, AntiLoggers, Behaviour Blockers:

SoftSphere DefenseWall HIPS
Zemana AntiLogger