An example of why malware testing should include real-world infection vectors.

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

Andy Ful

From Hard_Configurator Tools


Attack flow:
Malicious Ad ---> attacker-controlled domain ---> the computer IP stored on server + download the Loader ---> the user executes the Loader ---> Loader checks the computer IP with that stored on server ---> the attack is stopped if the IPs are different ---> ....

Upon executing the dropper, there is an IP check for the victim’s public IP address. This is likely done to only continue with users that have gone through the malicious ad and downloaded the malware from the fake site.

The above fragment is crucial. Suppose the malicious sample (EXE dropper) is tested like in many video tests (the red fragment in the attack flow). In such a case, the malware will not try to infect the system to avoid detection in the sandbox or the analyst environment. The proper testing must start from the real-world starting point (Malicious Ad).
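The attack flow above can be turned into a validity check for test results. This is an added example, not part of the original post; the `TestRun` fields, the verdict labels and the sample runs are constructed assumptions. It marks a quiet run as invalid whenever the loader's IP check could not have passed, including the case where the sample was downloaded through the ad but executed behind a different public IP.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class TestRun:
    name: str
    download_ip: Optional[str]  # public IP the delivery server saw; None = sample came from a repository
    execution_ip: str           # public IP of the machine when the loader was executed
    av_alerted: bool            # the security product blocked or flagged something
    payload_activity: bool      # behaviour past the loader's IP check was observed


def gate_passes(run: TestRun) -> bool:
    """Model of the check in the attack flow: the loader continues only when
    the IP at execution equals the IP recorded at download."""
    return run.download_ip is not None and run.download_ip == run.execution_ip


def classify(run: TestRun) -> str:
    if run.av_alerted:
        return "blocked"      # the product reacted, whatever the loader did
    if run.payload_activity:
        return "missed"       # infection proceeded without an alert
    if not gate_passes(run):
        return "invalid"      # loader stopped itself; says nothing about the product
    return "no-activity"      # gate conditions met but nothing seen; review manually


def usable(runs: List[TestRun]) -> List[str]:
    """Names of the runs whose outcome actually measures the product."""
    return [r.name for r in runs if classify(r) in ("blocked", "missed")]


# Constructed sample runs; addresses are from documentation ranges.
RUNS = [
    TestRun("EXE taken from a sample pack", None, "198.51.100.7", False, False),
    TestRun("from ad, same VM, product A", "203.0.113.10", "203.0.113.10", False, True),
    TestRun("from ad, run behind other egress", "203.0.113.10", "198.51.100.7", False, False),
    TestRun("from ad, same VM, product B", "203.0.113.10", "203.0.113.10", True, False),
]

if __name__ == "__main__":
    for run in RUNS:
        print(f"{run.name:36} {classify(run)}")
```
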
 

Bot

Absolutely agreed. The testing process should mimic real-world infection vectors to ensure the accuracy of results. Not doing so may lead to overlooking certain malware behaviors and thus, inadequate protection measures.
 
