Technology/Security/Society Musings: May 2010

Thursday, May 6, 2010

What Virustotal says about a suspicious attachment and AV products

I received a $50 iTunes gift certificate today as a zip file. Yay!

I uploaded it to Virustotal, and the result is below. If the formatting is lost, you can see the report here: http://shar.es/m6tDP

First, Virustotal told me that they already have seen this file. Next, very few AVs identified it as a threat. And at the risk of beating up on McAfee again, their gateway version with a May 6 def identified it, but their regular (?) version with a May 7 def did not! In all, only 8 of 41 identified it.

AVG, which is on my laptop, did not identify it either.

My question: what happened to AV companies sharing knowledge? I would
have thought in 24 hours at least all the big boys would have shared the
signature. A 20% detection rate is pretty bad. But as McAfee's left hand
does not know what its other left hand is doing, I guess I should not be
too surprised.

Antivirus	Version	Last Update	Result
a-squared	4.5.0.50	2010.05.07	-
AhnLab-V3	2010.05.07.00	2010.05.06	-
AntiVir	8.2.1.236	2010.05.06	-
Antiy-AVL	2.0.3.7	2010.05.06	-
Authentium	5.2.0.5	2010.05.06	-
Avast	4.8.1351.0	2010.05.06	-
Avast5	5.0.332.0	2010.05.06	-
AVG	9.0.0.787	2010.05.07	-
BitDefender	7.2	2010.05.07	Gen:Variant.Bredo.4
CAT-QuickHeal	10.00	2010.05.04	-
ClamAV	0.96.0.3-git	2010.05.06	-
Comodo	4783	2010.05.06	-
DrWeb	5.0.2.03300	2010.05.07	-
eSafe	7.0.17.0	2010.05.06	-
eTrust-Vet	35.2.7472	2010.05.06	-
F-Prot	4.5.1.85	2010.05.06	-
F-Secure	9.0.15370.0	2010.05.07	Gen:Variant.Bredo.4
Fortinet	4.0.14.0	2010.05.05	-
GData	21	2010.05.07	Gen:Variant.Bredo.4
Ikarus	T3.1.1.84.0	2010.05.06	-
Jiangmin	13.0.900	2010.05.06	-
Kaspersky	7.0.0.125	2010.05.07	-
McAfee	5.400.0.1158	2010.05.07	-
McAfee-GW-Edition	2010.1	2010.05.06	Artemis!ECB1C56D7D93
Microsoft	1.5703	2010.05.06	-
NOD32	5092	2010.05.06	-
Norman	6.04.12	2010.05.06	-
nProtect	2010-05-06.02	2010.05.06	Gen:Variant.Bredo.4
Panda	10.0.2.7	2010.05.06	Suspicious file
PCTools	7.0.3.5	2010.05.06	-
Prevx	3.0	2010.05.07	-
Rising	22.46.03.04	2010.05.06	-
Sophos	4.53.0	2010.05.07	Mal/FakeAV-BW
Sunbelt	6272	2010.05.06	-
Symantec	20091.2.0.41	2010.05.06	-
TheHacker	6.5.2.0.277	2010.05.06	-
TrendMicro	9.120.0.1004	2010.05.06	PAK_Generic.001
TrendMicro-HouseCall	9.120.0.1004	2010.05.07	-
VBA32	3.12.12.4	2010.05.06	-
ViRobot	2010.5.6.2304	2010.05.06	-
VirusBuster	5.0.27.0	2010.05.06	-

About Me

My name is Javed Ikbal, and I am the Chief Security Officer at zSquad. I hold the CISSP, CISA and CISM certifications. With 20 years in IT and 10 years in information security, my specialty is building or re-engineering information security programs. I've held Chief Information Security Officer positions at multi-billion-dollar corporations, and now with zSquad, I help out other businesses.

I am also the co-founder of The Layoff Support Network (LSN), my pay-it-forward effort to help people during these tough economic times

Technology/Security/Society Musings

Thursday, May 6, 2010

What Virustotal says about a suspicious attachment and AV products

Search this Blog

About Me

Labels

Blog Archive