I’ve received an IM for an user that does not know that much English and think that, if I were whom ask Alwil will answer.
He wants to know:
Which are the virus sources of Alwil? From where they receive samples to analyze?
Which of these sources have priority on virus signatures updates?
Is there any website that share samples of virus among antivirus companies?
Why the majority of trojans bankers aren’t detected by avast? Why does Alwil take so long (months) to update the virus database after samples are sent to virus (at) avast.com?
I don’t understand what you mean by virus fonts, fonts are arial, times new roman, courier, etc. and I can’t see the context it is being used in.
Unless this is like a font of wisdom.
An abundant source; a fount: She was a font of wisdom and good sense.
In which case I would say it should be what sources do avast gets their samples from. I somehow doubt that they would divulge such sensitive information.
But you could simply guess (in no particular order or priority):
VirusTotal, Jotti, user submissions, AV reviews that test I would assume that those not detected might be forwarded, honey pots/traps (unprotected systems) left to get infected.
I can see why items 1-3 would be important to an avast user.
As for item 4. this is permanently trotted out in regular posts along with the standard answer, were working on it, etc. etc.
Here in the Brazil are created trojans bankers every week and avast does not detect them. If it will have some source that has priority will be able to send samples by means of it.
@ Tech.
What I mentioned about sources being sensitive, is all about not so much the source but how you go about obtaining samples and more about you don’t go round discussing strategy as once that is known then perhaps malware writer can attempt to counter that or swamp it.
What I can’t understand is the need for an avast user to know this, how does it help him as they still have to filter all submissions. What is to say something that arrives at (if it exists) a priority source to send samples is of a higher priority of something that arrives through user submission to avast.com.
If there was a priority submission facility I also doubt it would be open to the public as that would soon become less of a priority as numbers increased.
avast currently has 2331 banker [trj] listed in the virus database and as you say new variants are spawning weekly, there will always be a problem of keeping up with that on signatures alone, so really what is required is a generic signature which is able to detect variants of the banker trojan.
Henrique, I’m not allowed to quote anything from that reserved forum, but indeed there will be a way to give priority to samples that come from different sources in avast version 5.
The sources could be from email to online scanners. But also, maybe, there were agreements with other antivirus/antimalware companies and security sites to receive samples from them.
They will be sorted by a priority but I think that, right now, it’s not that simple to explain how it would be done.
