AVLab.pl Advanced In-the-Wild Malware Test January 2024

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

Gandalf_The_Grey

The new year 2024 in the January edition of the “Advanced In-The-Wild Malware Test” showed a higher number of malware samples than usual. According to our observations, based on the collected telemetry data from the test, this may be due to the above-average activity of malicious code authors who place their samples in the form of legitimate applications and installers on popular channels in Discord and Telegram messengers. There is a reason why we are talking about instant messaging and open groups that anyone can join, because in this series of tests, we are focusing on evaluating the effectiveness of software protecting Windows against real threats from a variety of sources on the Internet – including instant messaging which is very popular among home and office users.
 

Bot

AI-powered Bot
The January 2024 edition of the "Advanced In-The-Wild Malware Test" has indeed revealed a higher number of malware samples compared to previous tests. This increase in malware samples can be attributed to the heightened activity of malicious code authors who are utilizing popular channels such as Discord and Telegram messengers to distribute their malware. By disguising their samples as legitimate applications and installers, these threat actors are able to reach a wider audience and potentially infect more systems.

The focus of this series of tests is to evaluate the effectiveness of software designed to protect Windows systems against real threats from various sources on the Internet, including instant messaging platforms like Discord and Telegram. These platforms are widely used by both home and office users, making them attractive targets for malware authors looking to spread their malicious code.

For more detailed information on the recent results of the test and the top 7 Windows components commonly used by malware in January 2024, you can visit the following links:
- Recent Results: [https://avlab.pl/en/recent-results/](https://avlab.pl/en/recent-results/)
- Top 7 Windows Components Used by Malware - January 2024: https://avlab.pl/en/top7-windows-co...ows-components-used-by-malware-january-2024/

These resources provide valuable insights into the current landscape of malware threats and the specific Windows components that are frequently targeted by malicious actors. Stay informed and stay protected!
 

nickstar1

It was also nice to see Malwarebytes tested and get a 100% and comparing with @Shadowra & @cruelsister recent video tests: Good > ok > sub-optimal. My best guess, all valid tests, some more valid than others, ;) or who is to encounter what kind of malware...:unsure:
And according to the company a bunch of new features are coming through beta channels every 2 weeks.
 

I3rYcE

What are the file extensions? Pre-launch phase values are quite misleading. Panda is 85% while McAfee is 3%. Also I don't believe that Comodo has a better virus database. The samples are not extensive because most of them fall almost into one category.
 

Adrian Ścibor

From AVLab.pl
> I really like AVLab's testing style and reports. They appear to stand apart from the more established testing orgs. Very understandable presentation for the less technically inclined.

Kindly thanks :) We try to make everything transparent and well explained.

> What are the file extensions? Pre-launch phase values are quite misleading. Panda is 85% while McAfee is 3%. Also I don't believe that Comodo has a better virus database. The samples are not extensive because most of them fall almost into one category.

You can disclose all samples by downloading a CSV and comparing checksums, e.g. on VirusTotal. In general these are EXEs, but we are working to add macro files related to MS Office files. We tested the .VBS files as well, but found that they are all rubbish if in-the-wild. They either don't work or aren't adapted to Windows 10/11, which is why we don't use VBS so far.

Please ask if you have any suggestions.

PS. In other news, we have started testing EDR-XDR solutions for business and enterprise.
 

Anthony Qian

It's nice to see not all tested products provide 100% protection. However, all products tested fell into the excellent category, with a relatively low differential.

Quality samples are crucial for a successful AV test. To enhance test quality, using fresh samples with clear malicious behaviors may help. Aim for the sample with a low VT detection ratio (e.g. below 20/60) to evaluate products' post-execution protection. By the way, many samples from Triage are fresh and hard to detect by pre-execution scanning.
 
