Solved

latest list of viruses / malware signatures for F-Secure

Posted on 2016-09-06
5
117 Views
Last Modified: 2016-09-15
I'm trying to sieve out which of the signatures / malwares in F-Secure is ransomware.
Anyone can get me a list?
0
Comment
Question by:sunhux
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 

Author Comment

by:sunhux
ID: 41785857
I've got from majorgeeks & other sites : all of them ask to download
fsdbupdate9.exe (ie latest) & it can't install/run : I used 7zip to open
its contents but don't see any virus pattern file in it.

For TrendMicro, the lpt$vpn.xxx contains virus definitions & by issuing
   find/i  "name" lpt*  
it lists out the virus names
0
 
LVL 64

Accepted Solution

by:
btan earned 500 total points
ID: 41785978
I am thinking a more manual approach instead.

a) May be is to get from its threat description listing under the "latest description - PC and Mobile type" & "notable threats - Crimeware"
https://www.f-secure.com/en/web/labs_global/threat-descriptions
https://www.f-secure.com/en/web/labs_global/notable-threats

b) It may not cover all for (a) and we consider grabbing from the FSecure DB Tracker which in each listing of the update, it listed the malware names for e.g. in "2016-09-05_07" update, go to the link and you should see the AV names added or updated
https://www.f-secure.com/dbtracker/Aquarius/2016-09-05_07.html
https://www.f-secure.com/dbtracker/
0
 

Author Comment

by:sunhux
ID: 41787722
> go to the link and you should see the AV names added or updated
https://www.f-secure.com/dbtracker/Aquarius/2016-09-05_07.html
Why is AV names being removed, thought they should just be adding on
to make it more complete?  Is there such thing as a malware/virus getting
obsoleted?
0
 

Author Comment

by:sunhux
ID: 41787737
Btw, how do I identify from F-Secure's list if a malware is a ransomware?  
As long as the description contains the string  "lock" or "cryp" ?

But from https://id-ransomware.malwarehunterteam.com ,
there are ransomware with names that don't contain the above 2 strings, eg:
777
7ev3n
7h9r
ACCDFISAv2.0
Alfa
Alpha
AMBA
Apocalypse
Bandarchor
BankAccountSummary
Bart
0
 
LVL 64

Assisted Solution

by:btan
btan earned 500 total points
ID: 41788154
you cannot depend on just the AV signature name, the details still need to look into. There are many variation and not all ransomware are reflective from its name unlike the earlier one like Cryptolocker, CryptXXX etc.. probably has to look into the alias as well. https://www.f-secure.com/v-descs/trojan_w32_ransom.shtml


Even AV provider has different naming too. This is also demonstrated in VirusTotal listing of the hit by AVs https://www.virustotal.com/en/file/52cbf09633bd646bbdddf4d7ac5fb8993022d41e6395749eb50f3e2c25835857/analysis/
https://virustotal.com/en/file/8a8a3cfb9f30e349bd86ea6fd79d6ae57af95143398fbb6207331937ee35aa06/analysis/1462121521/
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
One of the biggest threats facing all high-value targets are APT's.  These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question