
I recently acquired a few more possible viruses (I am now up to 758 possible Trojan, backdoor, and virus infected files). All of these test files were acquired from in the wild, mostly through cleaning of infected computers and through catching them in the act. There are no known zoo viruses in these tests. Each and every test file was identified as containing malicious code by at least one of these antivirus programs.
Please note that some of these files represent several variations of the same Trojan/virus/malware. It is also possible for one file to contain the code of more than one Trojan, virus or malware. There might also be a few duplicates.
All of the scans were performed with the following options (if available): scan all files, scan compressed executables, scan inside archive files, and high heuristics.
(The software name and virus definition date precede each test result)
AntiVir Personal Edition (AVPE)
Program: v6.26.00.00 VDF-File v6.26.0.53 from 07.30.20043
647 Possible Viruses/malware/Trojans Found in 647 files out of a total of 758 files!
Approximately 85.36% detection. (Based on number of infected files, not number of infections)
Avast! 4, VPS file version: July 29, 2004 - [0431-2]
620 Possible Viruses/malware/Trojans Found in 607 files out of a total of 758 files!
Approximately 80.08% detection. (Based on number of infected files, not number of infections)
AVG 7.0.253 Professional, Virus Base 264.1.0 7-29-2004:
532 Possible Viruses/malware/Trojans Found in 523 files out of a total of 758 files!
Approximately 69.00% detection. (Based on number of infected files, not number of infections)
eTrust Anti-Virus, 30-07-2004:
575 Possible Viruses/malware/Trojans Found in 576 files out of a total of 758 files!
Approximately 75.99% detection. (Based on number of infected files, not number of infections)
585 Possible Viruses/malware/Trojans Found using non-standard scan!
F-PROT ANTIVIRUS, 30 July 2004
673 Possible Viruses/malware/Trojans Found in 667 files out of a total of 758 files! (Infected: 496, Suspicious: 117)
Approximately 88.00% detection. (Based on number of infected files, not number of infections)
Kaspersky Anti-Virus, Updated: 30-07-2004:
756 Possible Viruses/malware/Trojans Found in 750 files out of a total of 758 files!
Approximately 98.94% detection. (Based on number of infected files, not number of infections)
McAfee, Virus data file v4382 created Jul 28 2004:
756 Possible Viruses/malware/Trojans Found in 745 files out of a total of 758 files!
Approximately 98.28% detection. (Based on number of infected files, not number of infections)
nod32, (20040730) NT
630 Possible Viruses/malware/Trojans Found in 623 files out of a total of 758 files!
Approximately 82.19% detection. (Based on number of infected files, not number of infections)
633 Possible Viruses/malware/Trojans Found using ‘Advanced heuristics’!
Panda Titanium 2004 Anti-Virus, Updated: 07-30-2004:
699 Possible Viruses/malware/Trojans Found in 688 files out of a total of 758 files!
Approximately 90.77% detection. (Based on number of infected files, not number of infections)
Symantec's Norton Antivirus, 7/30/2004:
740 Possible Viruses/malware/Trojans Found in 701 files out of a total of 758 files!
Approximately 92.48% detection. (Based on number of infected files, not number of infections)
Attached is a chart of which test files were identified or missed as containing malicious code by each AV program.
Did your favorite antivirus perform poorly in this test? There are a lot of factors that could have caused this:
Each AV program uses a different virus database, some containing more malicious signatures than others, meaning some AV programs will have higher detection rates than others.
Each AV company has their own interpretation of what constitutes malware. Some AV companies only want their product to target primarily viruses and worms, and to a lesser degree Trojans and exploits, and to an even lesser degree (or not at all), spyware, hijackers and adware. For example, if you look at the attached chart, you may notice that several of the tested AV programs miss a significant number of the Trojans.
Considering there are roughly 100,000 (or more) unique infections in the wild, a population sample of 758 infected files may not accurately represent true detection rates of AV programs.
Could poor detection of certain AV programs be due to ‘zoo’ viruses in this test sample?
Not likely. First of all, many AV programs will detect zoo viruses. Second, all of these test files were obtained from within the ‘wild’, meaning that all of these files exist outside of laboratories and they have been (unfortunately) released out into the real world. ‘Zoo’ viruses are proof of concept viruses or otherwise unreleased viruses and generally do not exist outside of controlled laboratories. There are no known zoo viruses in these tests.
These tests are NOT to determine which AV software is superior; this is just a test on 758 POSSIBLE Trojan, backdoor, and virus infected files.
Please, do not PM, e-mail or otherwise ask for any of these files. These are live viruses, they can do serious damage to your system and others. They are NOT available for sale or trade and will NOT be distributed to anyone. ALL requests for these files WILL BE IGNORED!
Edited by Trilobite, 02 August 2004 - 01:11 PM.