Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > Detection within Installation files

Reply
Thread Tools

Detection within Installation files

 
 
Art
Guest
Posts: n/a
 
      09-27-2005
One kind of test of scanners that seems to be rare is that of their
ability to detect a variety of malware "within" install files.
Catching malware prior to installation is obviously a important
preventative.

I used a list of rogue web sites:

http://kppfree.altervista.org/spylist.htm

to steer me to a number of installation files. Below are just three
results of AV scanning using KAV:
*************************************
http://www.kazaa-download-manager.com
Install file: KDM-Setup.EXE
Trojan-Downloader.Win32.Small.asf data004
AdWare.Win32.WebHancer.351 whAgent.exe
AdWare.WebHancer whInstaller.exe

whsurvery.exe

webhdll.dll

whiehlpr.dll

http://www.mp3musicsearch.net
Install file: mp3ms.exe
AdWare.Win32.NewDotNet WISEOO24.BIN
Server-Proxy.Win32.MarketScore.k WISE0025.BIN
AdWare.Win32.SaveNow.bo WISE0026.BIN

http://www.kazaap.org
Install File: kazaap-3.6.exe
Adware.Win32.MediaBack data002
Trojan-Clicker.Win32.VB.dn data003
Trojan-Downloader.Win32.Agant.jt data005
*************************************
Notice the variety of Trojans and Adware in every install file.

One of the deficiencies of many or most spyware/adware/Trojan scanners
is their inability to scan "within" install files and act as a
preventative. One approach would be to upload install files to Virus
Total. That would only be viable if the file size is small enough. If
you have low upload speed, and/or the server is maxing out, this
approach could be painful

Having several free on-demand antivirus scanners on hand is another
approach. The best preventative though is to only download and install
known reputable software from trusted sources.

If your scanner, whatever kind, doesn't alert on at least the three
install files above, you are being short-changed. Demand of your
vendor that they learn to do a better job at preventative type of
scanning.

Art

http://home.epix.net/~artnpeg
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
running a separate applicaiton within an installation package Dica ASP .Net 1 07-24-2007 05:34 AM
[OT ?] (Pythonic) detection word protected files Gilles Lenfant Python 2 06-14-2005 01:31 PM
RE: [OT ?] (Pythonic) detection word protected files Tim Golden Python 2 06-14-2005 01:24 PM
Referring to a textbox within a web control within an aspx KatB ASP .Net 0 04-22-2005 07:14 PM



Advertisments