Solved

latest list of viruses / malware signatures for F-Secure

Posted on 2016-09-06
Last Modified: 2016-09-15
I'm trying to sieve out which of the signatures / malware in F-Secure are ransomware.
Can anyone get me a list?
Question by:sunhux

Author Comment

by:sunhux
ID: 41785857
I've got it from majorgeeks & other sites: all of them ask to download
fsdbupdate9.exe (i.e. latest) & it can't install/run. I used 7zip to open
its contents but don't see any virus pattern file in it.

For TrendMicro, the lpt$vpn.xxx contains virus definitions & by issuing
   find/i  "name" lpt*  
it lists out the virus names

Accepted Solution

by:
btan earned 500 total points
ID: 41785978
I am thinking of a more manual approach instead.

a) Maybe get it from its threat description listing under the "latest description - PC and Mobile type" & "notable threats - Crimeware"
https://www.f-secure.com/en/web/labs_global/threat-descriptions
https://www.f-secure.com/en/web/labs_global/notable-threats

b) (a) may not cover everything, so we could consider grabbing it from the F-Secure DB Tracker, where each update listing shows the malware names. E.g. for the "2016-09-05_07" update, go to the link and you should see the AV names added or updated
https://www.f-secure.com/dbtracker/Aquarius/2016-09-05_07.html
https://www.f-secure.com/dbtracker/

Author Comment

by:sunhux
ID: 41787722
> go to the link and you should see the AV names added or updated
https://www.f-secure.com/dbtracker/Aquarius/2016-09-05_07.html
Why are AV names being removed? I thought they should just be adding on
to make it more complete. Is there such a thing as a malware/virus getting
obsoleted?

Author Comment

by:sunhux
ID: 41787737
Btw, how do I identify from F-Secure's list if a malware is ransomware?
As long as the description contains the string "lock" or "cryp"?

But from https://id-ransomware.malwarehunterteam.com ,
there are ransomware with names that don't contain the above 2 strings, e.g.:
777
7ev3n
7h9r
ACCDFISAv2.0
Alfa
Alpha
AMBA
Apocalypse
Bandarchor
BankAccountSummary
Bart

Assisted Solution

by:btan
btan earned 500 total points
ID: 41788154
You cannot depend on just the AV signature name; the details still need to be looked into. There are many variations and not all ransomware is reflected in its name, unlike the earlier ones like Cryptolocker, CryptXXX etc. You probably have to look into the aliases as well. https://www.f-secure.com/v-descs/trojan_w32_ransom.shtml


Even AV providers have different naming too. This is also demonstrated in the VirusTotal listing of the hits by AVs: https://www.virustotal.com/en/file/52cbf09633bd646bbdddf4d7ac5fb8993022d41e6395749eb50f3e2c25835857/analysis/
https://virustotal.com/en/file/8a8a3cfb9f30e349bd86ea6fd79d6ae57af95143398fbb6207331937ee35aa06/analysis/1462121521/
0
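
The point made in the answers above, as an added example that is not part of the thread and not F-Secure's own tooling: a "lock"/"cryp" substring test misses ransomware families, so triage should parse the detection name and consult an alias table built from the descriptions. It assumes names of the form Type:Platform/Family[.Variant]; the alias table, the sample names and all function names are constructed for illustration.

```python
import re

# Assumed name layout: Type:Platform/Family[.Variant], e.g. Trojan:W32/Ransom
NAME_RE = re.compile(
    r"^(?P<type>[^:]+):(?P<platform>[^/]+)/(?P<family>[^.!]+)(?:[.!](?P<variant>.+))?$"
)

# Constructed alias table: families confirmed as ransomware from their
# descriptions/aliases (not from the name). Keys are lower-case.
RANSOMWARE_FAMILIES = {"7ev3n", "bart", "apocalypse", "cryptolocker", "cryptxxx"}

def naive_match(name):
    """The heuristic from the question: 'lock' or 'cryp' anywhere in the name."""
    lowered = name.lower()
    return "lock" in lowered or "cryp" in lowered

def classify(name, families=RANSOMWARE_FAMILIES):
    """Return (verdict, reason) for one detection name."""
    m = NAME_RE.match(name.strip())
    if m is None:
        return ("unknown", "name does not match the assumed layout")
    family = m.group("family").lower()
    if family == "ransom":
        return ("ransomware", "generic Ransom family label")
    if family in families:
        return ("ransomware", "family listed in alias table")
    if naive_match(family):
        return ("review", "name hint only, check the description")
    return ("not-flagged", "no ransomware evidence in name or alias table")

def missed_by_substring(names):
    """Names confirmed as ransomware that the 'lock'/'cryp' test would skip."""
    return [n for n in names if classify(n)[0] == "ransomware" and not naive_match(n)]

# Constructed sample names for illustration, not taken from a real database.
SAMPLES = [
    "Trojan:W32/Ransom",
    "Trojan:W32/7ev3n.A",
    "Trojan:W32/Bart.C",
    "Trojan:W32/Cryptolocker.B",
    "Adware:W32/Unlocker.A",
    "Trojan-Downloader:W32/Exampledl.D",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:40} {classify(sample)}")
    print("missed by substring test:", missed_by_substring(SAMPLES))
```

Names that only hint at ransomware go to "review" rather than being counted, since the name alone is not evidence either way.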


Question has a verified solution.
