11/23/2014

#regin: these are the MD5 files and the discovery rates on VirusTotal (and some thoughts)

and this explains why some were not discovered anyway (52 security tools, analyzed 3 hours ago)

https://www.virustotal.com/nl/file/7d38eb24cf5644e090e45d5efa923aff0e69a600fb0ab627e8929bb485243926/analysis/  30 discovery

https://www.virustotal.com/nl/file/40c46bcab9acc0d6d235491c01a66d4c6f35d884c19c6f410901af6d1e33513b/analysis/ 37 discovery

https://www.virustotal.com/nl/file/a7e3ad8ea7edf1ca10b0e5b0d976675c3016e5933219f97e94900dea0d470abe/analysis/  28/43  3 years 4 months (2011)

https://www.virustotal.com/nl/file/f1d903251db466d35533c28e3c032b7212aa43c8d64ddf8c5521b43031e69e1e/analysis/  4/42  2 years

https://www.virustotal.com/nl/file/9cd5127ef31da0e8a4e36292f2af5a9ec1de3b294da367d7c05786fe2d5de44f/analysis/  23/48  1 year ago

and there are more of them, but we can conclude the following:

because the antivirus and security industry doesn't work together, and because they give different names to the same viruses and don't exchange technical information, it takes years to get the full picture. So even if some of the files of the virus were found to be malicious, not all of them were, and especially not by all the security programs at the same time.

it also means that we have to change the general perception of an antivirus. People just install an antivirus and then look whether it finds viruses (normally it does), and then sometimes make some general report about it, but they don't analyse what it is, what the consequences are of the file or virus having been found on a server or a PC, and whether there are other files, traffic or behaviour on that machine that have to be researched and integrated in the report.

it is intelligent analysis that will make the difference in high-value environments, not just putting in machine after machine after machine and hoping that that will do the trick.
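
An added example (not part of the original post) of the kind of analysis described above: it reduces differently named vendor labels to one family by token voting, then flags weakly detected files that sit on the same machine as a confirmed family hit. The engine names, host names, labels and the generic-token stop list are all constructed assumptions, not VirusTotal output.

```python
import re
from collections import Counter

# Label tokens that say nothing about the family (assumed stop list).
GENERIC = {"trojan", "backdoor", "generic", "malware", "agent", "win32", "win64", "heur"}

# Constructed scan results: sample -> (host it was found on, {engine: label or None}).
SCANS = {
    "file-1": ("srv-01", {"EngineA": "Backdoor:Win32/Regin.A", "EngineB": "Trojan.Regin.1",
                          "EngineC": "W32/Generic.xyz", "EngineD": None}),
    "file-2": ("srv-01", {"EngineA": None, "EngineB": None,
                          "EngineC": "Heur.Malware.Agent", "EngineD": None}),
    "file-3": ("pc-07", {"EngineA": "Win64/Regin.B", "EngineB": "Rootkit.Regin.2",
                         "EngineC": "Regin-gen", "EngineD": "Trojan/Regin"}),
    "file-4": ("pc-22", {"EngineA": None, "EngineB": "Trojan.Agent.zz",
                         "EngineC": None, "EngineD": None}),
}

def family_tokens(label):
    """Split a vendor label into candidate family tokens, dropping generic ones."""
    parts = re.split(r"[^a-z0-9]+", label.lower())
    return {p for p in parts if len(p) > 3 and p not in GENERIC and not p.isdigit()}

def consensus_family(labels, min_votes=2):
    """Each engine votes once per token; return the top token if enough engines agree."""
    votes = Counter(t for lab in labels.values() if lab for t in family_tokens(lab))
    if not votes:
        return None
    token, count = votes.most_common(1)[0]
    return token if count >= min_votes else None

def triage(scans):
    """Return per-sample (detected, total, family) and samples needing follow-up."""
    report, hosts_with_family = {}, {}
    for name, (host, labels) in scans.items():
        detected = sum(1 for lab in labels.values() if lab)
        family = consensus_family(labels)
        report[name] = (detected, len(labels), family)
        if family:
            hosts_with_family.setdefault(host, family)
    # A file without a family label on a host with a confirmed family needs research.
    follow_up = {n: hosts_with_family[h] for n, (h, _) in scans.items()
                 if report[n][2] is None and h in hosts_with_family}
    return report, follow_up

if __name__ == "__main__":
    for item in triage(SCANS):
        print(item)
```
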
