In-the-wild Ransomware Protection Comparative Analysis 2016 Q3

Discussion in 'other anti-malware software' started by itman, Jul 22, 2016.

Thread Status:
Not open for further replies.
  1. Houley456

    Houley456 Registered Member

    Joined:
    Feb 9, 2007
    Posts:
    195
    WOW, that's great.....thanks markloman....
     
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Perhaps MRG used this: hxxps://github.com/z7ev3n/ransomware as their simulated python ransomware?
     
  3. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,061
    Location:
    UK
    Post that was here has been removed for review
     
  4. guest

    guest Guest

    May I ask, whose post was removed? cruelsister's?
     
  5. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
    Yes. I read it 5 mins after she posted it and I personally saw nothing wrong with it. It was very interesting and very true.
     
  6. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    HitmanPro commented previously on the methodology MRG used in this test in regards to reputation analysis. If such testing is to be performed, it should be done using unknown 0-day samples.

    The reason why? Many AV engines including some used by ZAM use "DNA" signatures. These are hybrid signatures developed to identify malicious code commonly used by malware. If the AV engine detects a match on a DNA signature, it will internally sandbox the process and perform further heuristic analysis upon it. In other words, no cloud reputation analysis is actually being performed at this point. If further suspicious process activity is encountered while being monitored, then cloud reputational analysis is performed. Therefore there is suspicion that the altered ransomware samples were actually initially detected by DNA signature, determined to be malicious by heuristic analysis, and no Zemana cloud reputation analysis actually performed.
     
  7. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,061
    Location:
    UK
    Items were brought up in posts that are best handled in private between all parties involved, and as part of our Terms of Service, we always reserve the right to remove any content, for any reason, and with forum management decisions being final, these posts are not open for public debate.

    Thread now closed.
     