Still Little Progress on Malicious PDF
On Feb. 23 we had a malware problem with advertising at eWEEK. Initially the malicious PDF being served was detected by only six of the engines at VirusTotal. A couple days later the situation hadn't changed. Today, almost three weeks later, I retested and we're up to 11 of 39 engines detecting the threat.
All of the ones who didn't detect it the first time got samples, so the 28 who still don't detect it have chosen not to do anything.
Here's the roll call. Detecting the threat in the PDF:
- Symantec
- BitDefender
- GData
- Sunbelt
- nProtect
- Ikarus
- a-squared
- McAfee-GW-Edition
- AntiVir
- Avast
- Sophos
And the non-detecting hall of shame:
- AhnLab-V3
- Authentium
- AVG
- CAT-QuickHeal
- ClamAV
- Comodo
- DrWeb
- eSafe
- eTrust-Vet
- F-Prot
- F-Secure
- Fortinet
- K7AntiVirus
- Kaspersky
- McAfee
- McAfee+Artemis
- Microsoft
- NOD32
- Norman
- Panda
- PCTools
- Prevx1
- Rising
- TheHacker
- TrendMicro
- VBA32
- ViRobot
- VirusBuster
Interesting and impressive lists. I have to say I'm surprised at some of the non-detectors. It goes to show the increasing insufficiency of detection schemes.
In their defense, the malicious PDF exploits a vulnerability that leads to the downloading of the actual malware that the perpetrators want to plant, and the detection for that malware is likely much better across the board.
