Summary of the Advanced In-The-Wild Malware Test – September 2024
Adrian Ścibor wrote (post 1104719):

Dear Readers!

With this summary we conclude this year’s penultimate series of Advanced In-The-Wild Malware Tests. As of September 2024, we have made a few changes under the hood in the Windows 10/11 security software testing application.

The first and biggest is that we have developed a new method of capturing more evidence of malware sample detection during the test in the form of screenshots taken several times a minute.

We use an OCR tool to read text from the images. Based on this text, we compare the keywords with matching alerts for the anti-virus software in question. If there is a positive match, we store all the records in a database, from which summaries are generated for the vendors. This image recognition capability also allows us to more thoroughly analyse potential malware samples before qualifying them for testing – we reject installers, unwanted (non-malicious) applications, corrupted files and other files that cannot be run in a Windows 11 environment:

As an example, a "system error" is reported for a potentially malicious keylog.exe application:

[Attachment 285805]

During the initial selection, the corrupted malware sample is rejected due to the detection of a Windows error with the keywords "system error":

[Attachment 285806]

Evidence of sample removal from the assay at the preliminary analysis stage:

[Attachment 285809]

In summary, the OCR tool we have incorporated into the testing process is used to capture anti-virus alerts and to more accurately identify potential malware samples before they are qualified for testing. The screenshots provide the vendors with further and irrefutable evidence of whether or not malware has been detected.

The OCR tool is an additional opinion from the test, alongside the Sysmon logs and the logs generated by the security software under test. See our methodology page for more details: https://avlab.pl/en/advanced-in-the-wild-malware-test/methodology/

Security alerts example screenshots:

[Attachment 285807]

[Attachment 285808] (https://avlab.pl/en/wp-content/uploads/2024/10/threatdown_proof_september_2024.png)

We have added optional changes to the backend as well. You can read them all on the transparency website: Changelog » AVLab Cybersecurity Foundation (https://avlab.pl/en/changelog/)

September 2024

Results: Recent Results » AVLab Cybersecurity Foundation (https://avlab.pl/en/advanced-in-the-wild-malware-test/recent-results/)

And the publication: Summary Of The Advanced In-The-Wild Malware Test - September 2024 » AVLab Cybersecurity Foundation (https://avlab.pl/en/summary-of-the-advanced-in-the-wild-malware-test-september-2024/)

We are also working with other vendors to add them to the tests. This is not always technically easy, so we ask for your understanding.

I hope that these changes will contribute to even better confidence in us and in our tests.
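As an added illustration of the keyword-matching step the post describes (the screenshot-to-OCR-text pipeline, the per-vendor alert comparison that produces database records, and the "system error" rejection at preliminary analysis), here is example code written for this page; it is not AVLab's tool, and the vendor names, alert phrases and OCR lines are constructed.

```python
"""Keyword matching over OCR'd screenshot text, modelled on the process described
in the post. Example code for this page, not AVLab's tool; VENDOR_ALERTS,
REJECT_PHRASES and the sample OCR lines below are constructed."""
import re
from dataclasses import dataclass

# Constructed per-vendor alert phrases; a real table is built from observed alerts.
VENDOR_ALERTS = {
    "VendorA": ["threat blocked", "malicious file quarantined"],
    "VendorB": ["ransomware protection", "access denied to file"],
}
# Phrases (constructed) that mark a sample which cannot run and is rejected before testing.
REJECT_PHRASES = ["system error", "is not a valid win32 application"]


@dataclass(frozen=True)
class Record:
    """One database record: which alert phrase of which vendor was seen for a sample."""
    sample: str
    vendor: str
    phrase: str


def normalise(ocr_text: str) -> str:
    """Lower-case and collapse whitespace, so OCR line breaks cannot split a phrase."""
    return re.sub(r"\s+", " ", ocr_text).strip().lower()


def find_phrases(ocr_text: str, phrases) -> list[str]:
    """Return every phrase from the table that occurs in the normalised OCR text."""
    text = normalise(ocr_text)
    return [p for p in phrases if p in text]


def should_reject(ocr_text: str) -> bool:
    """Preliminary analysis: a screenshot showing a Windows error disqualifies the sample."""
    return bool(find_phrases(ocr_text, REJECT_PHRASES))


def match_alerts(sample: str, vendor: str, ocr_text: str) -> list[Record]:
    """During the test: one record per alert phrase of this vendor visible on the screenshot."""
    return [Record(sample, vendor, p) for p in find_phrases(ocr_text, VENDOR_ALERTS[vendor])]


# Constructed OCR output, with the line breaks and casing OCR typically produces.
SCREENSHOT_ERROR = "keylog.exe - System\nError\nThe program can't start because"
SCREENSHOT_ALERT = "VendorA\nThreat   blocked\nC:\\Users\\test\\keylog.exe"
```

A positive match from `match_alerts` is what would be stored alongside the Sysmon and product logs; `should_reject` returning `True` is the pre-test filter shown in the first two screenshots.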