eicar.com is NOT a good suggestion for Arjun's original request of
known malware URIs for use in testing the relative efficacy of
Anti-virus products. Pretty much all AVs are going to know of the
EICAR test file, and, as such, "Yes, the AV detects the EICAR test
file" tells you only whether a given AV solution as-installed is
working at all. Unfortunately it is useless in a comparative test of
efficacy against modern malware.

One Malware URI database that I have bookmarked is
http://www.malwareurl.com/listing-urls.php
I have no idea whether it's a good one or not, though.

Doing comparative AV testing is really really hard, and grabbing
representative samples that are truly in the wild and fresh is among
the biggest challenges. There are groups who are esteemed for doing a
rather good job of it though... NSS Labs among them. Their consumer
AV results are available for free, but you'll have to pay for
Enterprise AV results.
http://www.nsslabs.com/research/endpoint-security/anti-malware/
That's not unreasonable because it takes a lot of effort to do such
testing correctly.

AVComparatives is also oft-mentioned. Their results should be worth a
look as well. http://www.av-comparatives.org/

Arjun you might also be interested in a podcast... I'd heard a podcast
with the NSS Labs guys where they were interviewed about their work
testing AV and also mentioning the exploit marketplace they were
launching. Unfortunately I can't remember which of the podcasts I
follow they were on. Maybe this one?
http://exoticliability.libsyn.com/exotic-liability-66-exploit-hub
or
http://www.mckeay.net/2010/03/16/network-security-podcast-episode-189/

Also perhaps of interest was this podcast that was focused on
comparative testing on a rather specific threat. I may not answer
your original question, but may guide you in your testing methodology:
http://www.nsslabs.com/resources/webinars/videos/podcast:-gene-kim-and-rick-moy-dscuss-the-aurora-attacks.html

Good luck! We'd love to hear your results.
--
Todd Haverkos, LPT MsCompE
http://haverkos.com/
"vedantamsekhar (at) gmail (dot) com [email concealed]" <vedantamsekhar (at) gmail (dot) com [email concealed]> writes:
> Eicar.com is a good one, but I think almost all AV scanners by default
> block them, as it is so well known. For evaluation of AV, we need to
> look for something which is not known to vendors and also safe to
> run on the system.
>
> Thanks,
> Sekhar
>
> Sent from my Nokia phone
> -----Original Message-----
> From: Matias Katz
> Sent: 11/03/2011 5:01:58 pm
> To: navin1406 (at) yahoo (dot) com [email concealed]
> Cc: arjunsam (at) gmail (dot) com [email concealed]; listbounce (at) securityfocus (dot) com [email concealed]; pen-test (at) securityfocus (dot) com [email concealed]
> Subject: Re: Malware URI list
>
> Did you mean eicar.com ?
>
> If so, you can download it from http://www.eicar.org/download/eicar.com.txt
>
> The AV shouldn't let you download it.
>
> You can also test your Anti-SPAM filters with GTUBE:
> http://spamassassin.apache.org/gtube/
>
> Also, I've developed a keylogger in C# which should also trigger your AV
> alerts: http://www.matiaskatz.com/k-log
>
> Don't worry, the app is harmless. It will only leave a TXT file in your
> C:\ and show an alert message every 2 minutes. But it should test your
> AV strength
>
> Good luck!
>
> Matias Katz
>
> matias (at) matiaskatz (dot) com [email concealed]
> GPG: 0x8C7C3B7E
>
>
> On 11/03/11 03:26, navin1406 (at) yahoo (dot) com [email concealed] wrote:
>> Try aicar.com. Thanks
>> ------Original Message------
>> From: arjunsam (at) gmail (dot) com [email concealed]
>> Sender: listbounce (at) securityfocus (dot) com [email concealed]
>> To: pen-test (at) securityfocus (dot) com [email concealed]
>> Subject: Malware URI list
>> Sent: Mar 10, 2011 08:04
>>
>> Guys,
>>
>> I'm working on accessing the detection rate and of some Anti-Virus solutions. Do any of you guys have a list of malware URIs and are willing to share it for my testing?
>>
>> Thanks,
>> Arjun
>>