Monday, April 07, 2008

What? You Are Releasing Untested Malware?

... What are you, some kind of amateur? :-)

Dancho Danchev reminds people how modern malware is tested here. A quote: "And when a popular piece of malware known as Shark introduced a built-in VirusTotal submission to verify the low detecting rate of the newly generated server, something really had to change - like it did."

So, imagine a malicious "clone" of VirusTotal, launched by an enterprising criminal to provide "a valuable service" of malware testing to the cybercrime community. :-) "A small fee for testing, please. What, you are releasing untested malware? Phooo... What are you, some kind of amateur? :-)"

Dancho then predicts: "One thing's for sure - malware will start getting benchmarked against each and every antivirus solution and firewall before the campaign gets launched, in a much more efficient and Q&A structured approach than it is for the time being."

Please tell me if this happens, it won't be the final nail in the "legacy"/"blacklist-only" AV coffin?

Dr Anton Chuvakin