Author Topic: NEWBIE trying to use this site to find best AVAS vendor.  (Read 3386 times)

April 23, 2010, 10:16:01 pm

ReedMikel

  • Newbie

  • Offline
  • *

  • 3
Hi All,

I am an IT consultant managing about 200 PCs at several client sites.  I currently use AVG9 on these PCs, but it misses FakeAV malware quite often.  So I am trying to find a better AVAS product.  I thought my selection process should be somewhat scientific, so I am in search of URLs that lead to the dreaded FakeAV crap we are all too familiar with lately.  Once I have some URLs, I want to use a VMware virtual machine to test how several leading AVAS products handle the threats.  Would this site be appropriate?  Any suggestions?

I saw a sticky to not request samples, so maybe this forum isn't appropriate?

If this isn't an appropriate site, can anyone suggest how to truly test various AVAS products against real malware threats that users would encounter on the web?  Is there a resource on the Internet that provides working copies of known malware for IT folks to test against?

TIA,
-Mike

April 24, 2010, 12:15:41 am
Reply #1

MysteryFCM

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 1693
  • Personal Text
    Phishing Phanatic
    • I.T. Mate
You can find those in our database at:

http://www.malwaredomainlist.com/mdl.php?search=fake+av&colsearch=All&quantity=50

I'd personally suggest Malwarebytes AntiMalware (www.malwarebytes.org) coupled with either NOD ESS (www.eset.com) or Kaspersky (www.kaspersky.com).
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

May 05, 2010, 06:34:34 pm
Reply #2

ReedMikel

Thanks for the info!  I did look at some of those domains listed there, but in many cases they are already flagged as unsafe by Google.  I (and my clients) tend to use Firefox, which has a security option that checks sites using some Google resource.

What I'd really like to find is a web resource that compiles examples of malware, particularly Fake AV stuff.   I want it hosted by a legit company, like Malwaredomainlist, so that IT people like myself could research and learn from the actual malware itself.  That way I could evaluate different AVAS products against it.  I could also show it to customers so they get a feel of what a typical Fake AV looks like, and how to respond.

I had a client that got hit by a Fake AV today, so I copied down their Firefox browser history and ran a report on it.  Using a test virtual PC (with no AVAS protection) I then browsed to each site that the user had visited this am.  I finally got the typical Fake AV screen (screen attached).  BUT, it is not reproducible (I'm using VMware so I'm able to quickly use snapshots to reload my test machine to any point in time).  My hunch is that a particular Flashplayer ad was responsible for the Fake AV malware.  The problem is that the ads change every time you visit the site.   That makes it nearly impossible to have a reproducible example of the malware.

So back to my original question: is there any web resource that might actually *host* examples of malware (along with all kinds of visual warnings)?  Or is this a futile effort on my part because malicious sites seemingly come and go by the minute?

May 06, 2010, 09:11:31 am
Reply #3

MysteryFCM

The domains and methods these guys are using change all the time, so one domain is never active for very long.
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

May 06, 2010, 09:33:54 am
Reply #4

MysteryFCM

> So back to my original question: is there any web resource that might actually *host* examples of malware (along with all kinds of visual warnings)?  Or is this a futile effort on my part because malicious sites seemingly come and go by the minute?

There are a few vendors that do, but you've generally got to be trusted by them to get access. Otherwise, there's a plethora of non-legit sites that do (can't point you to them obviously).
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

May 06, 2010, 12:39:43 pm
Reply #5

ReedMikel

Too bad, as I was really hoping there would be an educational resource for IT people to "experience" malware firsthand.  I'll keep looking thru some of the domains listed at this site, but so far it's like trying to find a needle in a haystack.  Of course, my customers have no problems finding malware on the web :)

Another thought: I wonder how hard it would be to host an infected website myself?  I'd run IIS on a virtual server and only access it internally...