Had nothing better to do, so here is an evaluation of antivirus software against a trojan and its variants [original]
This time the domestic Rising is also among the products tested
All virus databases dated 2007.4.30
Below, green text means the sample was missed, red means a heuristic hit that did not correctly identify the virus type, blue means the virus was detected perfectly
My abilities are limited, please forgive any shortcomings
All samples use variants of the most common and most harmful domestic trojan, Gray Pigeon (灰鸽子, Hupigon) [made by myself]
Test 1
Test setup: Gray Pigeon 2007 [variant produced with FakeNinja]
A-Squared | Found nothing
AntiVir | Found HEUR/Crypted
ArcaVir | Found Trojan.Hupigon.Vt
Avast | Found Win32:Hupigon-AMD
AVG Antivirus | Found nothing
BitDefender | Found GenPack:Generic.Graybird.7A7448DD
ClamAV | Found Trojan.Hupigon-1634
Dr.Web | Found BackDoor.Graybird
F-Prot Antivirus | Found Possibly a new variant of W32/Threat-Backdoor-Silly-based!Maximus
F-Secure Anti-Virus | Found Backdoor.Win32.Hupigon.alw
Fortinet | Found nothing
Kaspersky Anti-Virus | Found Backdoor.Win32.Hupigon.alw
NOD32 | Found a variant of Win32/GreyBird
Norman Virus Control | Found nothing
Panda Antivirus | Found nothing
Rising Antivirus | Found nothing [the domestic Rising]
VirusBuster | Found nothing
VBA32 | Found BackDoor.Graybird
This makes me doubt Rising's ability: as soon as a domestic virus is modified a little, it no longer recognises it, really...
Test 2
Test setup: Gray Pigeon 2007 [variant produced with the 休闲山庄 (Xiuxian Shanzhuang) encryption tool]
A-Squared | Found nothing
AntiVir | Found HEUR/Crypted
ArcaVir | Found Trojan.Hupigon.Vt
Avast | Found Win32:Hupigon-AMD
AVG Antivirus | Found nothing
BitDefender | Found GenPack:Generic.Graybird.7A7448DD
ClamAV | Found Trojan.Hupigon-1634
Dr.Web | Found BackDoor.Graybird
F-Prot Antivirus | Found Possibly a new variant of W32/Threat-Backdoor-Silly-based!Maximus
F-Secure Anti-Virus | Found Backdoor.Win32.Hupigon.alw
Fortinet | Found nothing
Kaspersky Anti-Virus | Found Backdoor.Win32.Hupigon.alw
NOD32 | Found a variant of Win32/GreyBird
Norman Virus Control | Found nothing
Panda Antivirus | Found nothing
Rising Antivirus | Found nothing
VirusBuster | Found nothing
VBA32 | Found BackDoor.Graybird
Yet another simple packer, and Rising fell again. Where is the virtual-machine unpacking engine it boasts about??
Test 3
Test setup: Gray Pigeon 2007 [variant produced with SVKP]
A-Squared | Found nothing
AntiVir | Found nothing
ArcaVir | Found nothing
Avast | Found Win32:Hupigon-ACA
AVG Antivirus | Found nothing
BitDefender | Found nothing
ClamAV | Found nothing
Dr.Web | Found nothing
F-Prot Antivirus | Found nothing
F-Secure Anti-Virus | Found Backdoor.Win32.Hupigon.alw
Fortinet | Found nothing
Kaspersky Anti-Virus | Found Backdoor.Win32.Hupigon.alw
NOD32 | Found nothing
Norman Virus Control | Found nothing
Panda Antivirus | Found nothing
Rising Antivirus | Found nothing [the domestic Rising]
VirusBuster | Found nothing
VBA32 | Found nothing
It can be seen that, faced with a strong packer, many antivirus products bowed their heads
Worth mentioning is that Kaspersky performed excellently across these three tests, correctly labelling the virus every time
Kaspersky's unpacking ability looks far stronger than Rising's
F-Secure and Avast's detection ability is also not bad
Test 4
Test setup: Gray Pigeon 2007 [variant produced with the 牧马游民 (Muma Youmin) PE encryption tool]
A-Squared | Found nothing
AntiVir | Found HEUR/Crypted
ArcaVir | Found nothing
Avast | Found Win32:Hupigon-AMD
AVG Antivirus | Found nothing
BitDefender | Found Generic.Graybird.21FA4647
ClamAV | Found nothing
Dr.Web | Found BackDoor.Graybird
F-Prot Antivirus | Found nothing
F-Secure Anti-Virus | Found Backdoor.Win32.Hupigon.alw
Fortinet | Found nothing
Kaspersky Anti-Virus | Found Backdoor.Win32.Hupigon.alw
NOD32 | Found a variant of Win32/GreyBird
Norman Virus Control | Found nothing
Panda Antivirus | Found nothing
Rising Antivirus | Found nothing
VirusBuster | Found nothing
VBA32 | Found BackDoor.Graybird
From the above it feels like AntiVir is mostly just reporting the packer and flagging the file as risky, but it still needs to work on identifying the virus accurately!
Now for the final round!
Test setup: Gray Pigeon 2007 [variant produced with Themida]
A-Squared | Found nothing
AntiVir | Found nothing
ArcaVir | Found nothing
Avast | Found nothing
AVG Antivirus | Found nothing
BitDefender | Found nothing
ClamAV | Found nothing
Dr.Web | Found nothing
F-Prot Antivirus | Found nothing
F-Secure Anti-Virus | Found nothing
Fortinet | Found nothing
Kaspersky Anti-Virus | Found nothing
NOD32 | Found nothing
Norman Virus Control | Found nothing
Panda Antivirus | Found nothing
Rising Antivirus | Found nothing
VirusBuster | Found nothing
VBA32 | Found nothing
Wiped out??!! A result like this seems to carry no meaning at all, so I switched and added some antivirus products
Here are the new test results
Note: this scan used an online upload, multi-engine scanning service
Please excuse the odd antivirus versions
The previous tests all used the latest versions
[except BD, which was 7.2]
Engine | Version | Signature date | Result
AhnLab-V3 | 2007.4.30.1 | 04.30.2007 | no virus found
AntiVir | 7.4.0.15 | 04.30.2007 | no virus found
Authentium | 4.93.8 | 04.27.2007 | no virus found
Avast | 4.7.981.0 | 04.30.2007 | no virus found
AVG | 7.5.0.467 | 04.30.2007 | no virus found
BitDefender | 7.2 | 04.30.2007 | no virus found
CAT-QuickHeal | 9.00 | 04.30.2007 | no virus found
ClamAV | devel-20070416 | 04.30.2007 | no virus found
DrWeb | 4.33 | 04.30.2007 | no virus found
eSafe | 7.0.15.0 | 04.29.2007 | no virus found
eTrust-Vet | 30.7.3606 | 04.30.2007 | no virus found
Ewido | 4.0 | 04.30.2007 | no virus found
FileAdvisor | 1 | 04.30.2007 | no virus found
Fortinet | 2.85.0.0 | 04.30.2007 | suspicious
F-Prot | 4.3.2.48 | - | no virus found
F-Secure | 6.70.13030.0 | 04.30.2007 | no virus found
Ikarus | T3.1.1.5 | 04.30.2007 | Backdoor.VB.EV
Kaspersky | 4.0.2.24 | 04.30.2007 | no virus found
McAfee | 5019 | 04.27.2007 | no virus found
Microsoft | 1.2405 | 04.30.2007 | no virus found
NOD32v2 | 2230 | 04.30.2007 | no virus found
It can be seen that under an extremely strong packer, even Kaspersky was defeated
while Ikarus from Austria became the only antivirus to report the file as a trojan
On the other hand, Fortinet reported it as a suspicious file, which deserves credit
One more thing, rather helplessly: Rising lost in all five tests; it looks like domestic antivirus still has a long way to go
The number of virus samples in the tests above may be too small, but I clearly lack the resources to test that many viruses and their variants
This post is only meant to throw out a brick to attract jade; I hope everyone will support it, thanks
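Tallying results like these by hand gets tedious once several engines and packers are involved. The helper below is an added example, not code from the original post: it parses the flattened "engine | version | date | verdict" report format used above (and the two-column "engine | result" format of the earlier tests), and applies the legend from the top of the post, missed / heuristic-only / exact family match, to each verdict. The family aliases, the sample excerpts and the function names are assumptions made for this example.

```python
import re
from collections import Counter

# Names the engines above use for the Gray Pigeon (Hupigon) family; any other
# detection string counts as heuristic/generic under the post's legend (assumption).
FAMILY_ALIASES = ("hupigon", "graybird", "greybird")
MISS_VERDICTS = {"no virus found", "nothing", "-", ""}

# Constructed excerpt of the multi-engine report above: engine | version | sig date | verdict.
SAMPLE_REPORT = (
    "AntiVir | 7.4.0.15 | 04.30.2007 | no virus found | "
    "Fortinet | 2.85.0.0 | 04.30.2007 | suspicious | "
    "F-Prot | 4.3.2.48 | - | no virus found | "
    "Ikarus | T3.1.1.5 | 04.30.2007 | Backdoor.VB.EV | "
    "Kaspersky | 4.0.2.24 | 04.30.2007 | no virus found |"
)
# Constructed excerpt in the two-column per-test format (engine | result).
SAMPLE_TEST1 = "A-Squared | Found nothing | AntiVir | Found HEUR/Crypted | Avast | Found Win32:Hupigon-AMD |"
FIELD_NAMES = {4: ("engine", "version", "sig_date", "verdict"), 2: ("engine", "verdict")}

def parse_report(text, fields=4):
    """Split a flattened 'a | b | c | d | a | b ...' report into one dict per engine."""
    cells = [c.strip() for c in text.split("|")]
    cells = [c for c in cells if c]  # drop the empty cell the trailing '|' leaves behind
    if len(cells) % fields:
        raise ValueError(f"{len(cells)} cells is not a multiple of {fields}")
    return [dict(zip(FIELD_NAMES[fields], cells[i:i + fields])) for i in range(0, len(cells), fields)]

def classify(verdict):
    """Apply the post's legend: missed / heuristic (flagged, family unnamed) / exact."""
    v = re.sub(r"^found\s*", "", verdict.strip().lower())
    if v in MISS_VERDICTS:
        return "missed"
    if any(alias in v for alias in FAMILY_ALIASES):
        return "exact"
    return "heuristic"  # HEUR/Crypted, "suspicious", "possibly a new variant", generic names

def summarize(text, fields=4):
    """Return (class counts, share of engines that flagged the sample at all)."""
    records = parse_report(text, fields)
    counts = Counter(classify(r["verdict"]) for r in records)
    flagged = counts["exact"] + counts["heuristic"]
    return counts, flagged / len(records)

if __name__ == "__main__":
    for name, text, n in (("Themida report", SAMPLE_REPORT, 4), ("Test 1 excerpt", SAMPLE_TEST1, 2)):
        counts, rate = summarize(text, n)
        print(f"{name}: {dict(counts)}, flagged {rate:.0%}")
```

The flagged share separates "the engine noticed something" from "the engine named the family", which is the distinction the post's red/blue colouring was trying to make.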
[ This post was last edited by samisgod on 2007-5-1 07:41 ]