Automated Malware Classification

If you follow these kinds of things, you will realise that AV technology is getting worse not better at protecting you from malware. Case in point, yesterday I downloaded a file from a rather dubious site. I checked it out with ClamAV and McAfee and both gave it a clean bill of health. On running it and monitoring it's progress with process explorer I realised pretty quickly that it was malicious. I submitted it to VirusTotal and it was found to be malicious by only 3 scanners (all free, none of the 'big vendors' detected it) and at least two looked to be using heuristics to make that analysis.

Now it seems the automated classification debate is heating up with Havlar's recent work, and now Microsoft's Anti-Malware team (and Havlar's response).

Friday, May 19. 2006
Posted by Dominic White in Security
Comments (2) | Trackbacks (0)

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

#1 Fred wrote (Link) (Reply)
Posted on Monday, May 22. 2006

Very interesting and scary at the same time. Whats the best AV to use in linux? Clam?

#2 Thamsanqa wrote (Link) (Reply)
Posted on Wednesday, May 31. 2006

Ok its time to update this blog!

Add Comment

Name
Email
Homepage
In reply to
Comment
	Remember Information? Subscribe to this entry