Detection within Installation files

Discussion in 'Computer Security' started by Art, Sep 27, 2005.

  1. Art

    Art Guest

    One kind of test of scanners that seems to be rare is that of their
    ability to detect a variety of malware "within" install files.
    Catching malware prior to installation is obviously a important
    preventative.

    I used a list of rogue web sites:

    http://kppfree.altervista.org/spylist.htm

    to steer me to a number of installation files. Below are just three
    results of AV scanning using KAV:
    *************************************
    http://www.kazaa-download-manager.com
    Install file: KDM-Setup.EXE
    Trojan-Downloader.Win32.Small.asf data004
    AdWare.Win32.WebHancer.351 whAgent.exe
    AdWare.WebHancer whInstaller.exe

    whsurvery.exe

    webhdll.dll

    whiehlpr.dll

    http://www.mp3musicsearch.net
    Install file: mp3ms.exe
    AdWare.Win32.NewDotNet WISEOO24.BIN
    Server-Proxy.Win32.MarketScore.k WISE0025.BIN
    AdWare.Win32.SaveNow.bo WISE0026.BIN

    http://www.kazaap.org
    Install File: kazaap-3.6.exe
    Adware.Win32.MediaBack data002
    Trojan-Clicker.Win32.VB.dn data003
    Trojan-Downloader.Win32.Agant.jt data005
    *************************************
    Notice the variety of Trojans and Adware in every install file.

    One of the deficiencies of many or most spyware/adware/Trojan scanners
    is their inability to scan "within" install files and act as a
    preventative. One approach would be to upload install files to Virus
    Total. That would only be viable if the file size is small enough. If
    you have low upload speed, and/or the server is maxing out, this
    approach could be painful :)

    Having several free on-demand antivirus scanners on hand is another
    approach. The best preventative though is to only download and install
    known reputable software from trusted sources.

    If your scanner, whatever kind, doesn't alert on at least the three
    install files above, you are being short-changed. Demand of your
    vendor that they learn to do a better job at preventative type of
    scanning.

    Art

    http://home.epix.net/~artnpeg
     
    Art, Sep 27, 2005
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Shep©

    Re: how to delete or rename files within nero

    Shep©, Jul 4, 2003, in forum: Computer Support
    Replies:
    0
    Views:
    848
    Shep©
    Jul 4, 2003
  2. Colin

    Opening files from within WORD

    Colin, Nov 4, 2003, in forum: Computer Support
    Replies:
    2
    Views:
    475
    Colin
    Nov 6, 2003
  3. S.V.Proff
    Replies:
    0
    Views:
    457
    S.V.Proff
    Jun 26, 2004
  4. English Patient

    Listing of files within folders

    English Patient, May 16, 2006, in forum: Computer Support
    Replies:
    2
    Views:
    361
    English Patient
    May 16, 2006
  5. =?Utf-8?B?cGhpbA==?=

    opening files within applications

    =?Utf-8?B?cGhpbA==?=, Sep 22, 2006, in forum: Windows 64bit
    Replies:
    2
    Views:
    348
Loading...

Share This Page