Rogue AV causes lots of problems for AV scanners. We see around 6-25% detection of Rogue AV by the AV scanners on VirusTotal. Here is a link to some related blog posts: http://community.websense.com/blogs/securitylabs/archive/category/1771.aspx
Here are some individual reports on VirusTotal that are referenced in some of the blogs:

http://www.virustotal.com/analisis/fabca4efdaf5c89d36e153637fbe92bc130f62812d6261833b073a23240260c8-1267321093
http://www.virustotal.com/analisis/6c835981a6fd2f866f6200dfd5384240fab14149ddc8c162721305c11533d984-1268277978
http://www.virustotal.com/analisis/7f740567ef431e91f898358c33df60b0f6cb709ecb3fdc88deaf07026e03b7fe-1273234735

But looks like a few of the scanners did better than the others from these 3 reports.

Thanks,

------------------------------------------
Ali Mesdaq (CISSP, GIAC-GREM)
Sr. Security Researcher
Websense Security Labs
http://www.WebsenseSecurityLabs.com
------------------------------------------

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Christopher Fisk
Sent: Tuesday, May 18, 2010 5:30 AM
To: [email protected]
Subject: [H] 0 Day Viruses Was: Re: Vipre Antivirus

Anyone have any luck with their antivirus blocking the various Antivirus 2010/Security Essentials 2010 variants as they are released? We're constantly seeing those installed on users' PCs with up-to-date antiviruses (Norton, Avast, AVG, McAfee, Avira, etc.). What will actually catch this thing?

Best I have found is McAfee with very very locked down rulesets (Block files from being run from temp folders, etc.)

Christopher Fisk
