Profile picture
Karsten Hahn @struppigel
, 18 tweets, 2 min read Read on Twitter
Some arbitrary facts about malware detection names and detection rates on VT.
(thread)
(1) Detection names usually include information about platform, malware type, family and variant, sometimes also hints about the technology that was used to detect the malware.
(2) The malware type and family in a detection name are NOT reliable.
(3) But ESET-NOD32 has the most reliable detection names in my experience.
(4) The variant portion of the name is mostly useless for you unless you work for the company that creates the respective scanner engine.
(5) The term "Trojan" in a detection name is mostly used interchangeably with "Malware" instead of its real meaning.
(6) Umbrella terms are often used instead of a malware family name with "Agent" being the most common default name.
This is because a lot of signatures are created automatically, often without knowing the malware family.
(7) Sometimes malware is too insignificant to give it a proper name.
(8) The umbrella term may also describe behavioural characteristics, e.g. "Runner", "Filecoder". These are no family names.
(9) "Kryptik", "Injector", "Crypted", "Obfus" means the malware is packed or otherwise obfuscated. These are also no family names.
(10) Malware families in detection names are more reliable if you unpack the malware before uploading to VT.
(11) Different vendors have different family names for the same malware family. Yes, it is all a mess.
(12) Security products are not tested for accuracy in malware identification, only whether they detect a file as PUP, malware or clean.
(13) It is common practice NOT to name a malware family by the name the malware author intended it to have.

The big exception is ransomware because it shows its name to the victim and they shall to be able to find information about the malware (decryption tools etc).
(14) Likewise detection names shouldn't provoke the malware author.
(15) A high detection rate on a file will cause even more vendors to detect it. In some cases this is how clean files can spiral into high false positive rates.
(16) Bitdefender's engine is used by other vendors as well (at least 6 I believe). That means one Bitdefender detection results in several vendors detecting a file which increases the VT detection rate significantly.
(17) These are also no malware family names: Zusy, Razy (unless it is paired with the malware type ransomware in which case it may be Razy ransomware), Artemis if it is McAfee (otherwise it may be Artemis backdoor), Graftor, WisdomEyes, ...
There are probably more 🤔
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Karsten Hahn
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @struppigel see all

Profile picture
Some thoughts about maliciousness of joke malware, educational malware and other "gray" areas. (thread)
Malware is any program that does harm to a system or user.
Harm or damage is not limited to things you can count as monetary loss. It can also be sleepless nights, feeling anxious or frightented, having personal data leaked that might or might not be used to harm you later.
Threats harm users. Empty threats also harm users, people don't know whether it is empty.
dailymail.co.uk/news/article-2…
Read 12 tweets

Related threads

Profile picture
Very Brief Introduction to the Blockchain Technology #Thread
Before I proceed, please note, I do not have formal training on the subject matter. The knowledge is from research and thousands of blockchain articles I have ghostwritten. Hence, feel free to chip in your bit. The world is tending towards disruptive technologies, let's join.
In recent times, particularly between 2009 and now, the blockchain technology has continued to attract attention. Let's go back to 1990 when the internet was made public, the truth is that the technology at the time was faced with a lot of criticisms & skepticism, to the extent
Read 28 tweets
Profile picture
FAMILY, MINDSETS & GUILT TRIPS | If you're succeeding in life and trying to create a better life for your parents, siblings or extended family, you should read this. #Thread #NewYearResolutions #NewYear
One of the hardest things you'll come up against is mindset. It is what will cause you the most sorrow. Let me explain using a Nigerian example.
You believe one should have electricity for 24 hours a day. You have the financial means, so you can now attain this using a combination of PHCN, Generator, Inverter and Solar Panels.
Read 14 tweets
Profile picture
The BBC is running a 'fake news week'. To mark the occasion, I thought I'd do a thread. 'Fake news' is a very unhelpful term, which describes at least three different problems, which have three different solutions. #Thread
There is monetised fabrication. People knowingly pumping out rubbish ('The Pope supports Trump') because it's a way of making money through Facebook / Google's ad-revenue model. My colleague @carljackmiller covered it brilliantly here for @BBCClick bbc.co.uk/news/technolog…
This is driven in part by programmatic advertising: ad-tech follow USERS around, and advertise on sites they visit, irrespective of how truthful it is. This is where tech solutions CAN work - ie de-rank / de-monetise etc. Some evidence that's working too. engadget.com/2018/09/14/fac…
Read 16 tweets
Profile picture
#Thread
Tragically what the #CorruptGOP doesn't seem to get is that because they are not dealing in facts, & they are propagating falsehoods to their base, an entire generation of Republican voters, workers, apparachik's at every level; the U.S.A. loses ultimately. There are
People basing real decisions, at real jobs- both public & private sector-on false information. We have the most powerful military, biggest Economy, in the most industrialized nation in the world making Domestic & Foreign Policy based on fasle information.
This can & will end only one of two ways. Either we reverse course before catastrophic consequence or we experience what could be the most catastrophic multi-national event that has occurred since WW2 & the most grave consequences since our Nation's inception nearly 300 yrs ago.
Read 24 tweets
Profile picture
1\ Sometimes, as managers, we only share with our direct reports the information we think they need to get their job done. We do that because we think that's going to make them more productive and focused.

That's a big mistake. #thread 👇
2\ If we withhold information, 1 of 2 things might happen:

A) We don't delegate and end up doing things we shouldn't be doing because "my direct report doesn't know enough". We don't realize that we're making them not know enough and adding us more work that we could...
3\ ... use for doing other things that we should be doing.

B) We're making it harder for our direct reports to talk to other people directly to get shit done, and in turn, make them always come to us to know who to go to.
Read 4 tweets
Profile picture
After the 2015 Mafia war, the heads of the Families (Lá Fámiliá) set up the commission (lá cosa nóstrá) to govern & determine their mutual business venture called 'De-Náijá'. They came to a mutual agreement.
Don Bubï was chosen to head the commission as the godfather.

#THREAD
Don Jagabanio is the head of the riverside Western family, arguably the richest family in the commission; while Don Mobi-Jimi controls the other/less lucrative family on the west end.
Don Ubiama (also known as the Lion) was given d 2nd richest family at the waterside in the south
Others include, Don Sarrachi who retains his territory & also usurped the influential position of No. 3 man in the commission. The godfather was not pleased with the audacious move of Don Sarrachi, but due to the massive support of other under-bosses & Caporegimes in La Famíliá,
Read 33 tweets

Trending hashtags

#ಗಾಹಾ #Nation #TransitionEnergetique #happynewyear #Communication #Resisters #history #beyondfakenews #Children #GiletsJaunes #BFM #AltGov #MachineLearning #Influencers #Startups #ksleg #Ahwaz #Aadhaar #AmaruShataka #Dégoût #socialmedia #ResponseToOshiomhole #Barnaba #EphemeralContent #SanatanaDharma

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!