
Based on this topic, I, as a curious geek, downloaded this virus and ran the file through the VirusTotal service. I was very surprised by the results: only 2 of the current 42 antiviruses considered this file "Suspicious."
I became curious how long it would take antivirus companies to learn about this virus and add it to their databases. For more than a week, I patiently ran the same file through their databases, watched what changed, and entered the results into a table.
Perhaps you, %habrauser%, will find the results interesting.
For details, read on below the cut.
Statistics
In total, 15 checks were run between May 30, 4:55 pm Moscow time (from here on, all times are Moscow time) and June 11, 00:56. At the time of publication of this topic, the virus was detected by 30 of 42 antiviruses (71.4%).
During this period, the following antiviruses began to detect the virus:
AhnLab-V3, Avira AntiVir, Antiy-AVL, Avast, Avast5, AVG, BitDefender, ClamAV, Comodo, DrWeb, F-Secure, Fortinet, Gdata, Ikarus, K7AntiVirus, Kaspersky, McAfee, McAfee-GW-Edition, Microsoft, NOD-32, nProtect, Panda, PCTools, Symantec, TheHacker, TrendMicro, TrendMicro-HouseCall, VBA32, VIPRE, VirusBuster.
If you use one of these antiviruses, it means that your antivirus is relatively safe for everyday use.
The following antiviruses have not begun to detect this virus after 10 days:
CAT-QuickHeal, Commtouch, eSafe, eTrust-Vet, F-Prot, Jiangmin, Norman, Prevx, Rising, Sophos, SUPERAntiSpyware, ViRobot
But what kind of statistics would this be without more detailed statistics?
The table below speaks for itself:
Date | Antiviruses detecting | Antiviruses added (+) / dropped (-) | Link to report |
---|---|---|---|
May 30, 16:55 | 2 | Panda, Kaspersky | link |
May 30, 18:20 | 1 (WTF?) | - Kaspersky | link |
May 30, 18:51 | 2 | + DrWeb | link |
May 30, 20:20 | 3 | + Kaspersky | link |
May 31, 00:15 | 5 | + Comodo, NOD32 | link |
May 31, 02:09 | 6 | + AVG | link |
May 31, 12:19 | 13 | + AVAST, AVAST5, BitDefender, Emsisoft, F-Secure, Gdata, Ikarus | link |
May 31, 14:20 | 12 (WTF?) | - F-Secure | link |
May 31, 15:03 | 13 | + Avira AntiVir | link |
May 31, 17:56 | 15 | + F-Secure, Microsoft, nProtect | link |
June 1, 10:35 | 17 | + AhnLab-V3, Symantec, Vipre | link |
June 1, 22:01 | 21 | + ClamAV, PCTools, VirusBuster | link |
June 3, 16:30 | 25 | + VBA32, Gdata, TheHacker | link |
June 5, 03:05 | 28 | + Fortinet, K7Antivirus | link |
June 11, 00:56 | 30 | + TrendMicro, TrendMicro-HouseCall | link |
And a nice little graph:

Two interesting points are May 30, 18:20 and May 31, 14:20: at these points, antiviruses that had previously detected this virus suddenly stopped detecting it. Unfortunately, I did not work out the reason.
You may notice small inconsistencies between the number of antiviruses and the list of added antiviruses, for example 13 + 3 != 15. This is because VirusTotal periodically removes and adds antiviruses (apparently it removes them while their databases are being updated).
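Both anomalies described above can be checked mechanically. The following Python sketch is an added example, not part of the original post: it replays the changes listed in the table and reports where an engine stopped detecting the file and where the total moved by a different amount than the listed changes. The function name `audit` and the data layout are assumptions.

```python
# Rows transcribed from the table above (24-hour times): (scan time, engines
# detecting, listed changes). "+X" = X started detecting, "-X" = X stopped.
# The first row's two engines are entered as additions (an assumption).
SCANS = [
    ("May 30, 16:55", 2, "+Panda, +Kaspersky"),
    ("May 30, 18:20", 1, "-Kaspersky"),
    ("May 30, 18:51", 2, "+DrWeb"),
    ("May 30, 20:20", 3, "+Kaspersky"),
    ("May 31, 00:15", 5, "+Comodo, +NOD32"),
    ("May 31, 02:09", 6, "+AVG"),
    ("May 31, 12:19", 13, "+AVAST, +AVAST5, +BitDefender, +Emsisoft, +F-Secure, +Gdata, +Ikarus"),
    ("May 31, 14:20", 12, "-F-Secure"),
    ("May 31, 15:03", 13, "+Avira AntiVir"),
    ("May 31, 17:56", 15, "+F-Secure, +Microsoft, +nProtect"),
    ("June 1, 10:35", 17, "+AhnLab-V3, +Symantec, +Vipre"),
    ("June 1, 22:01", 21, "+ClamAV, +PCTools, +VirusBuster"),
    ("June 3, 16:30", 25, "+VBA32, +Gdata, +TheHacker"),
    ("June 5, 03:05", 28, "+Fortinet, +K7Antivirus"),
    ("June 11, 00:56", 30, "+TrendMicro, +TrendMicro-HouseCall"),
]

def audit(scans):
    """Replay the listed changes and compare them with the reported totals."""
    detecting, prev_total = set(), 0
    regressions, mismatches, repeats = [], [], []
    for when, total, changes in scans:
        listed_net = 0
        for item in changes.split(", "):
            sign, engine = item[0], item[1:].lower()
            if sign == "+":
                if engine in detecting:  # listed as new but already detecting
                    repeats.append((when, engine))
                detecting.add(engine)
                listed_net += 1
            else:  # an engine that detected the file earlier no longer does
                detecting.discard(engine)
                regressions.append((when, engine))
                listed_net -= 1
        if total - prev_total != listed_net:  # total moved differently than the list
            mismatches.append((when, total - prev_total, listed_net))
        prev_total = total
    return regressions, mismatches, repeats

if __name__ == "__main__":
    regressions, mismatches, repeats = audit(SCANS)
    print("stopped detecting:", regressions)
    print("total change vs listed change:", mismatches)
    print("listed twice:", repeats)
```

Each mismatch tuple holds the scan time, the change in the reported total, and the net change implied by the listed engines; the first one is the 13 + 3 != 15 case mentioned above.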
Conclusion
The picture seems rather logical: every popular antivirus already detects this malware, while any no-name antivirus can afford to miss 1 or 2 viruses.
Please do not regard this topic as PR for one antivirus product or another. Just the bare facts. The conclusion about which antivirus to use is one you should draw yourself.
I hope my little research seemed interesting to you.
If you find any bugs, please let me know.
I will try to answer any questions you may have.