Just Released: Trojan Simulator 1.0

Discussion in 'malware problems & news' started by Magnus Mischel, Jan 1, 2003.

Thread Status:
Not open for further replies.
  1. Magnus Mischel

    Magnus Mischel Security Expert

    Joined:
    Oct 24, 2002
    Posts:
    185
    For years you have been able to test your virus scanner with the harmless "Eicar" test file. Using the just released "Trojan Simulator" you can now test your trojan scanner in the same manner, using a harmless demonstration trojan. This is a risk-free way to see how your security software behaves in a real-world situation.

    Web page:
    http://www.misec.net/trojansimulator

    Download:
    http://www.misec.net/products/TrojanSimulator.zip

    Installation is simple: Simply unzip all files contained in TrojanSimulator.zip to any directory. To start, double-click TrojanSimulator.exe. A comprehensive Readme file is included, explaining how Trojan Simulator works. The online version of the readme file is available at the Trojan Simulator web page, http://www.misec.net/trojansimulator
     
  2. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Although clearly seen in the "Running Processes" window, it is not picked up as any kind of malware by TDS-3. Pete
     
  3. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Nice, Magnus ;).

    Pete,

    have a look at my comment over here

    regards.

    paul
     
  4. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    :D Heehee, it helps to be a TH user :D
     

    Attached Files:

  5. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Hi Ran ;)

    You obviously didn't read my comment :D. DCS can design a "fake trojan" and database it - and it will go undetected by TrojanHunter. It's a database issue - no more, no less.

    regards.

    paul
     
  6. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Paul,

    :D I didn't see your post here about it, but I posted much the same sentiment at DSL's Security forum.

    Guess we both know how we feel about meaningless 'tests'! P
     
  7. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    ...and rightly so ;)

    Well, it proves a well known point. It doesn't bother me (EICAR doesn't either ;) ) - it needs good interpretation though. Without that, people might get worried for no reason at all.

    regards.

    paul
     
  8. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    No, I did read it, but I couldn't resist having a little fun at you TDS guys' expense !!! :D :D
     
  9. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Hi Ran,

    Grin..that's OK - a little fun does brighten up things ;). I for one am not the "competition guy" - Magnus is doing a very fine job. DCS is doing an outstanding job as well.

    Just curious: did you ever installed a trial version from TDS, and let it loose on your malware collection? Seems like a fair way to go in regard to comparisons ;)

    regards.

    paul
     
  10. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    I might try it out on the things TH still doesn't detect; my overall collection has gotten so large, it would take awhile to test on everything. I suspect TDS will detect everything that TH detects, with some minor exceptions. Magnus has been doing well, both in creating the new version 3.0 of TH and in expanding the TH ruleset.

    One other reason I haven't installed TDS is because all my home puters are Win9x, and TDS is reportedly a resource drain on 9x, although I suppose that would be irrelevant so long as I only use TDS as an on-demand scanner: I understand it's the resident execution scanning that eats resources.

    It will be rather ironic/funny if the other AT vendors choose to include Trojan Simulator in their signatures, similarly to the way Gibson's LeakTest was included.
     
Loading...
Thread Status:
Not open for further replies.