Solved

latest list of viruses / malware signatures for F-Secure

Posted on 2016-09-06
Last Modified: 2016-09-15
I'm trying to sieve out which of the signatures / malware in F-Secure are ransomware.
Can anyone get me a list?
Question by:sunhux

Author Comment

by:sunhux
ID: 41785857
I've got it from majorgeeks & other sites: all of them ask to download
fsdbupdate9.exe (i.e. the latest) & it can't install/run. I used 7zip to open
its contents but don't see any virus pattern file in it.

For TrendMicro, the lpt$vpn.xxx contains virus definitions & by issuing
   find/i  "name" lpt*  
it lists out the virus names
 
LVL 61

Accepted Solution

by:
btan earned 500 total points
ID: 41785978
I am thinking of a more manual approach instead.

a) One option is to get it from the threat description listing, under "latest description - PC and Mobile type" & "notable threats - Crimeware"
https://www.f-secure.com/en/web/labs_global/threat-descriptions
https://www.f-secure.com/en/web/labs_global/notable-threats

b) (a) may not cover everything, so we can consider grabbing from the F-Secure DB Tracker, where each update listing shows the malware names. For example, for the "2016-09-05_07" update, go to the link and you should see the AV names added or updated
https://www.f-secure.com/dbtracker/Aquarius/2016-09-05_07.html
https://www.f-secure.com/dbtracker/
 

Author Comment

by:sunhux
ID: 41787722
> go to the link and you should see the AV names added or updated
> https://www.f-secure.com/dbtracker/Aquarius/2016-09-05_07.html
Why are AV names being removed? I thought they should just be added
to make it more complete. Is there such a thing as a malware/virus getting
obsoleted?
 

Author Comment

by:sunhux
ID: 41787737
Btw, how do I identify from F-Secure's list if a malware is a ransomware?  
As long as the description contains the string  "lock" or "cryp" ?

But from https://id-ransomware.malwarehunterteam.com ,
there are ransomware with names that don't contain the above 2 strings, eg:
777
7ev3n
7h9r
ACCDFISAv2.0
Alfa
Alpha
AMBA
Apocalypse
Bandarchor
BankAccountSummary
Bart
 
LVL 61

Assisted Solution

by:btan
btan earned 500 total points
ID: 41788154
You cannot depend on just the AV signature name; the details still need to be looked into. There are many variations, and not all ransomware is reflected in its name, unlike the earlier ones like Cryptolocker, CryptXXX etc. You probably have to look into the aliases as well. https://www.f-secure.com/v-descs/trojan_w32_ransom.shtml


Even AV providers have different naming too. This is also demonstrated in the VirusTotal listing of the hits by AVs https://www.virustotal.com/en/file/52cbf09633bd646bbdddf4d7ac5fb8993022d41e6395749eb50f3e2c25835857/analysis/
https://virustotal.com/en/file/8a8a3cfb9f30e349bd86ea6fd79d6ae57af95143398fbb6207331937ee35aa06/analysis/1462121521/
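
An added illustration of the point made in this thread (not part of the original posts and not F-Secure tooling): a small triage script showing why the "lock"/"cryp" substring test misses families such as Bart or 7ev3n, and why aliases from other vendors need checking. It assumes detection names shaped like Type:Platform/Family.Variant; all sample names are constructed.

```python
import re

# Family names the thread quotes from the ID Ransomware list.
KNOWN_FAMILIES = {"777", "7ev3n", "7h9r", "accdfisav2.0", "alfa", "alpha", "amba",
                  "apocalypse", "bandarchor", "bankaccountsummary", "bart"}
WEAK_SUBSTRINGS = ("lock", "cryp")   # the two strings proposed in the question

# Assumed name layout: Type:Platform/Family[.Variant]
NAME_RE = re.compile(r"^[^:/]+:[^/]+/(?P<family>[^.!]+)")

def family_of(label):
    """Family token of a Type:Platform/Family.Variant name, else the whole label."""
    m = NAME_RE.match(label.strip())
    return (m.group("family") if m else label.strip()).lower()

def classify(name, aliases=()):
    """Return (verdict, reasons); aliases are other vendors' names for the same file."""
    strong, weak = [], []
    for label in (name, *aliases):
        low = label.lower()
        if "ransom" in low:
            strong.append(f"'ransom' label in {label}")
        if family_of(label) in KNOWN_FAMILIES:
            strong.append(f"known family in {label}")
        weak += [f"substring '{s}' in {label}" for s in WEAK_SUBSTRINGS if s in low]
    if strong:
        return "ransomware", strong + weak
    if weak:
        return "review", weak      # read the threat description before deciding
    return "unknown", []

# Constructed sample names (not taken from any vendor database).
SAMPLES = [
    ("Trojan:W32/Ransom.AB", ()),
    ("Trojan:W32/Bart.A", ()),
    ("Trojan:W32/7ev3n.B", ()),
    ("Application:W32/Unlocker.C", ()),
    ("Trojan:W32/Agent.XYZ", ()),
    ("Trojan:W32/Agent.XYZ", ("Trojan-Ransom.Win32.Generic",)),
]

def triage(samples=SAMPLES):
    """Classify every (name, aliases) pair and return the rows."""
    return [(name, aliases, *classify(name, aliases)) for name, aliases in samples]

if __name__ == "__main__":
    for name, aliases, verdict, reasons in triage():
        print(f"{verdict:10} {name} {list(aliases)} {reasons}")
```

A "review" or "unknown" verdict is not a negative result; it means the name alone carries no reliable signal and the threat description or alias list has to be read.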