18 antivirus products tested against Hupigon (灰鸽子) variants [self-tested]
With nothing better to do, I put together an evaluation of antivirus products against a trojan and its variants [original]
This time the domestic product Rising is also among those tested
All virus databases are dated 2007.4.30
The samples are all variants of Hupigon (灰鸽子), the most common and most damaging trojan in China [made by myself]
Test 1
Test setup: Hupigon 2007 [variant produced with FakeNinja]
A-Squared Found nothing
AntiVir Found HEUR/Crypted
ArcaVir Found Trojan.Hupigon.Vt
Avast Found Win32:Hupigon-AMD
AVG Antivirus Found nothing
BitDefender Found GenPack:Generic.Graybird.7A7448DD
ClamAV Found Trojan.Hupigon-1634
Dr.Web Found BackDoor.Graybird
F-Prot Antivirus Found Possibly a new variant of W32/Threat-Backdoor-Silly-based!Maximus
F-Secure Anti-Virus Found Backdoor.Win32.Hupigon.alw
Fortinet Found nothing
Kaspersky Anti-Virus Found Backdoor.Win32.Hupigon.alw
NOD32 Found a variant of Win32/GreyBird
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing [China's own Rising]
VirusBuster Found nothing
VBA32 Found BackDoor.Graybird
This makes me doubt Rising's ability: a domestic virus only has to be varied slightly and it no longer recognises it, honestly...
Test 2
Test setup: Hupigon 2007 [variant produced with the 休闲山庄 encryption tool]
A-Squared Found nothing
AntiVir Found HEUR/Crypted
ArcaVir Found Trojan.Hupigon.Vt
Avast Found Win32:Hupigon-AMD
AVG Antivirus Found nothing
BitDefender Found GenPack:Generic.Graybird.7A7448DD
ClamAV Found Trojan.Hupigon-1634
Dr.Web Found BackDoor.Graybird
F-Prot Antivirus Found Possibly a new variant of W32/Threat-Backdoor-Silly-based!Maximus
F-Secure Anti-Virus Found Backdoor.Win32.Hupigon.alw
Fortinet Found nothing
Kaspersky Anti-Virus Found Backdoor.Win32.Hupigon.alw
NOD32 Found a variant of Win32/GreyBird
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found BackDoor.Graybird
Another simple packer, and Rising falls again. Where is the virtual-machine unpacking engine it boasts about??
Test 3
Test setup: Hupigon 2007 [variant produced with SVKP]
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found Win32:Hupigon-ACA
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Backdoor.Win32.Hupigon.alw
Fortinet Found nothing
Kaspersky Anti-Virus Found Backdoor.Win32.Hupigon.alw
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing [China's own Rising]
VirusBuster Found nothing
VBA32 Found nothing
As you can see, faced with a strong packer, most antivirus products bow their heads
Worth mentioning is that Kaspersky performed well in all three of these tests, correctly flagging the virus every time
Kaspersky's unpacking ability looks far stronger than Rising's
F-Secure and Avast also did reasonably well
Test 4
Test setup: Hupigon 2007 [variant produced with the 牧马游民 PE encryption tool]
A-Squared Found nothing
AntiVir Found HEUR/Crypted
ArcaVir Found nothing
Avast Found Win32:Hupigon-AMD
AVG Antivirus Found nothing
BitDefender Found Generic.Graybird.21FA4647
ClamAV Found nothing
Dr.Web Found BackDoor.Graybird
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Backdoor.Win32.Hupigon.alw
Fortinet Found nothing
Kaspersky Anti-Virus Found Backdoor.Win32.Hupigon.alw
NOD32 Found a variant of Win32/GreyBird
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found BackDoor.Graybird
Judging from the results above, AntiVir is mostly just reporting the packer and flagging the file as risky; its precise identification of the virus still needs some work!
Now for the final round!
Test setup: Hupigon 2007 [variant produced with Themida]
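As an added example (not code from the post or from any of the products tested), this is the kind of heuristic behind a verdict like HEUR/Crypted: walk a PE's section table and flag any section whose byte entropy is close to 8 bits per byte, which is what a packer's compressed or encrypted payload looks like regardless of which signature the payload would match once unpacked. The minimal PE builder, the 7.0 threshold, the section layout and the sample buffers are all constructed here for illustration.

```python
import math
import random
import struct
from collections import Counter

PACKED_THRESHOLD = 7.0  # assumed cut-off: compressed/encrypted bytes approach 8 bits per byte

def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def pe_sections(image: bytes):
    """Minimal PE section-table walk: yield (name, raw_bytes) for each section."""
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec = struct.unpack_from("<H", image, e_lfanew + 6)[0]       # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", image, e_lfanew + 20)[0]  # COFF SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                              # section headers follow the optional header
    for i in range(nsec):
        name, _vsize, _vaddr, rsize, rptr = struct.unpack_from("<8sIIII", image, table + 40 * i)
        yield name.rstrip(b"\0").decode("ascii", "replace"), image[rptr:rptr + rsize]

def assess(image: bytes):
    """Return ({section: entropy}, [sections that look packed or encrypted])."""
    report = {name: round(shannon_entropy(data), 2) for name, data in pe_sections(image)}
    return report, [name for name, ent in report.items() if ent >= PACKED_THRESHOLD]

def build_pe(sections):
    """Construct a minimal PE image (no optional header) for the heuristic above; not a loadable binary."""
    e_lfanew = 0x40
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", e_lfanew)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)
    raw_off = e_lfanew + len(coff) + 40 * len(sections)
    table, body = b"", b""
    for name, data in sections:
        table += struct.pack("<8sIIII", name, len(data), raw_off, len(data), raw_off) + b"\0" * 16
        body += data
        raw_off += len(data)
    return dos + coff + table + body

# Constructed samples: a plain build (low-variety code, readable strings) and a "packed" build whose
# payload section is pseudo-random bytes standing in for a packer's compressed/encrypted body.
_rng = random.Random(2007)
PLAIN_IMAGE = build_pe([(b".text", bytes(_rng.choice(b"\x55\x8b\xec\x90\xc3\xe8") for _ in range(2048))),
                        (b".data", b"Ordinary program strings and tables. " * 80)])
PACKED_IMAGE = build_pe([(b".text", b"\xe9" + b"\0" * 511),
                         (b".data", bytes(_rng.randrange(256) for _ in range(4096)))])
```

Run `assess(PLAIN_IMAGE)` and `assess(PACKED_IMAGE)` to compare: only the packed build's payload section crosses the threshold, which is exactly why such a verdict says "crypted" rather than naming the trojan.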
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
Wiped out across the board??!! A result like this is meaningless, so I swapped in and added some antivirus products
Below are the new test results
Note: this round was scanned by uploading the file to an online multi-engine scanning service
Please excuse the odd product versions
All previous tests used the latest versions [except BitDefender, which was 7.2]
AhnLab-V3 2007.4.30.1 04.30.2007 no virus found
AntiVir 7.4.0.15 04.30.2007 no virus found
Authentium 4.93.8 04.27.2007 no virus found
Avast 4.7.981.0 04.30.2007 no virus found
AVG 7.5.0.467 04.30.2007 no virus found
BitDefender 7.2 04.30.2007 no virus found
CAT-QuickHeal 9.00 04.30.2007 no virus found
ClamAV devel-20070416 04.30.2007 no virus found
DrWeb 4.33 04.30.2007 no virus found
eSafe 7.0.15.0 04.29.2007 no virus found
eTrust-Vet 30.7.3606 04.30.2007 no virus found
Ewido 4.0 04.30.2007 no virus found
FileAdvisor 1 04.30.2007 no virus found
Fortinet 2.85.0.0 04.30.2007 suspicious
F-Prot 4.3.2.48 - no virus found
F-Secure 6.70.13030.0 04.30.2007 no virus found
Ikarus T3.1.1.5 04.30.2007 Backdoor.VB.EV
Kaspersky 4.0.2.24 04.30.2007 no virus found
McAfee 5019 04.27.2007 no virus found
Microsoft 1.2405 04.30.2007 no virus found
NOD32v2 2230 04.30.2007 no virus found
As you can see, under an extremely strong packer even Kaspersky goes down
Ikarus, from Austria, became the only scanner to report the file as a trojan
Fortinet, on the other hand, reported it as a suspicious file, which deserves credit
One more point, a frustrating one: Rising lost in all five tests. Domestic antivirus clearly still has a long way to go
The number of virus samples in this test may be too small, but I clearly lack the resources to test that many viruses and their variants
This post is only meant to start the discussion; I hope everyone will support it