trend micro heuristic?

Pattern Version: 4.381.00
Release Type: New Malware Threat
Notes: WORM_WOMBLE.AB

March 30, 2007, 13:03:07 (GMT - 08:00)

---------------------
New Virus Detected:
---------------------
There are [426] new virus detected by the pattern file.
All detailed virus names please refer to the list below.

BKDR_AGENT.LQX
BKDR_AGENT.LZL
BKDR_AGENT.MBP
BKDR_AGENT.MID
BKDR_BIFROSE.VR
BKDR_BIFROSE.VU
BKDR_BIFROSE.WE
BKDR_DELF.EHF
BKDR_GRAYBIRD.RS
BKDR_HEURISTI.AL
BKDR_HEURISTI.AM
BKDR_HUPIGON.CWH
BKDR_HUPIGON.CXP

This is a part from the page which gets updated with every virus pattern file update. Now the virus information page says nothing much about this bug. So is it their new heuristics or just some fancy bug named heuristik and its variants? If its heuristics then why they don't bother letting the users know about the feature?

Yeah yeah I know about the av-comparatives result but its a simple question so product bashers stay out.

 

The new heuristic engine is being tested as we speak. It is being tested by a few named testers all over the world. I have to say it works great .

 

Agreed here, also I'm one of the testers. Especially the false positives rate is very low, and I see more and more heuristic detections.

 

Thats excellent news! Well now I remember IBK saying this longtime ago about Trend Micro's heuristics based detection. I simply forgot it. Now I looked carefully and found some heuristic detection for trojans, dialers, packed malwares and password protected malwares. So its in the current engine version 8.320.1004. What is the version you guys are testing? Whats new in that?

 

We (currently) use the same engine, though we use custom signatures.

 

Hi sputnik, In my system new heuristics flags packed crack files as malware. But I know they aren't malware only keygens, cracks, etc. This type of behavior likes Sophos, Quickheal and Fortinet and not a good behavior IMO.

 

@mrhero
True, on some more "exotic" packers it will cause false positives. Please notice that most of these packers are used on cracks, keygens, hacktools and stuff like that. So it shouldn't be any problem for most Trend Micro users.

Though I'm in touch with the beta team regarding exe-packers for some months now, and they are working on it.