Solved

latest list of viruses / malware signatures for F-Secure

Posted on 2016-09-06
Last Modified: 2016-09-15
I'm trying to sieve out which of the signatures / malware in F-Secure are ransomware.
Can anyone get me a list?
Question by:sunhux
5 Comments
 

Author Comment

by:sunhux
ID: 41785857
I've got it from majorgeeks & other sites: all of them ask to download
fsdbupdate9.exe (i.e. the latest) & it can't install/run. I used 7zip to open
its contents but don't see any virus pattern file in it.

For TrendMicro, the lpt$vpn.xxx contains virus definitions & by issuing
   find /i "name" lpt*
it lists out the virus names

Accepted Solution

by:
btan earned 500 total points
ID: 41785978
I am thinking of a more manual approach instead.

a) Maybe get it from its threat description listing under the "latest description - PC and Mobile type" & "notable threats - Crimeware"
https://www.f-secure.com/en/web/labs_global/threat-descriptions
https://www.f-secure.com/en/web/labs_global/notable-threats

b) (a) may not cover everything, so we can consider grabbing from the F-Secure DB Tracker, which lists the malware names in each update listing. For example, for the "2016-09-05_07" update, go to the link and you should see the AV names added or updated
https://www.f-secure.com/dbtracker/Aquarius/2016-09-05_07.html
https://www.f-secure.com/dbtracker/
 

Author Comment

by:sunhux
ID: 41787722
> go to the link and you should see the AV names added or updated
https://www.f-secure.com/dbtracker/Aquarius/2016-09-05_07.html
Why are AV names being removed? I thought they should just be adding on
to make it more complete. Is there such a thing as a malware/virus getting
obsoleted?
 

Author Comment

by:sunhux
ID: 41787737
Btw, how do I identify from F-Secure's list if a malware is ransomware?
As long as the description contains the string "lock" or "cryp"?

But from https://id-ransomware.malwarehunterteam.com ,
there are ransomware with names that don't contain the above 2 strings, e.g.:
777
7ev3n
7h9r
ACCDFISAv2.0
Alfa
Alpha
AMBA
Apocalypse
Bandarchor
BankAccountSummary
Bart

Assisted Solution

by:btan
btan earned 500 total points
ID: 41788154
You cannot depend on just the AV signature name; you still need to look into the details. There are many variations, and not all ransomware is reflected in its name, unlike the earlier ones like Cryptolocker, CryptXXX etc. You probably have to look into the aliases as well. https://www.f-secure.com/v-descs/trojan_w32_ransom.shtml


AV providers have different naming too. This is also demonstrated in the VirusTotal listing of hits by AVs https://www.virustotal.com/en/file/52cbf09633bd646bbdddf4d7ac5fb8993022d41e6395749eb50f3e2c25835857/analysis/
https://virustotal.com/en/file/8a8a3cfb9f30e349bd86ea6fd79d6ae57af95143398fbb6207331937ee35aa06/analysis/1462121521/
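
An added example, not part of the original thread or any vendor's tooling: it compares the "lock"/"cryp" substring test from the question with token matching on a type token and on the family names quoted above, and marks everything else for description review as the answer advises. The detection names in SAMPLES are constructed for illustration and the function names are hypothetical.

```python
import re

# Family names quoted in the thread (the ID Ransomware excerpt and the answer).
# Short names such as "alpha" or "777" are ambiguous, so a hit is a lead to verify.
FAMILIES = {"777", "7ev3n", "7h9r", "alfa", "alpha", "amba", "apocalypse",
            "bandarchor", "bart", "cryptolocker", "cryptxxx"}
NAIVE_SUBSTRINGS = ("lock", "cryp")  # the test proposed in the question


def tokens(name):
    """Split a detection name on punctuation: 'Trojan:W32/Ransom.A' -> trojan, w32, ransom, a."""
    return [t for t in re.split(r"[^0-9a-z]+", name.lower()) if t]


def naive_match(name):
    """Substring test: true if 'lock' or 'cryp' appears anywhere in the name."""
    return any(s in name.lower() for s in NAIVE_SUBSTRINGS)


def classify(name):
    """Return (verdict, reason); 'review' means the name alone is not enough."""
    toks = tokens(name)
    if any(t.startswith("ransom") for t in toks):
        return "ransomware", "type token"
    hit = FAMILIES.intersection(toks)
    if hit:
        return "ransomware", "family alias: " + sorted(hit)[0]
    return "review", "no ransomware token; check vendor description and aliases"


def compare(names):
    """Rows of (name, naive result, verdict, reason) for side-by-side review."""
    return [(n, naive_match(n), *classify(n)) for n in names]


# Constructed detection names for illustration; not taken from any vendor database.
SAMPLES = [
    "Trojan:W32/Ransom.A",        # missed by the substring test
    "Trojan:W32/Bart.B",          # family name without "lock"/"cryp"
    "Trojan.Generic.1234567",     # generic name: needs the description
    "Adware:W32/PopupBlocker.C",  # false positive for "lock"
    "Trojan:W32/CryptXXX.D",
]

if __name__ == "__main__":
    for row in compare(SAMPLES):
        print("%-28s naive=%-5s %-10s %s" % row)
```
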