Take a look at what PC Tools Software's system does…
http://www.pctools.com/threat-expert/
Maybe Alwil could get a couple of servers with this Threat Expert to help with the growing problem of detection speed?
Al968
Did you try sending them a sample? http://www.pctools.com/threat-expert/submit/
Not yet
I’ll try later
Al968
This is from the PC Tools forum, which has excellent products. I use Spyware Doctor (full), Registry Mechanic (full) and Firewall Plus (free); all work with Vista!
http://www.pctools.com/forum/ under threat experts thread
For those people interested in malware behavior you can submit sample files at http://www.pctools.com/threat-expert/submit/ – they should be EXE or DLLs and Threat Expert will email you back a report of everything the file does on the system, like contacting servers, using exploits, downloading files, writing files and registry keys, installing drivers, services … or rootkits, mass-mailing SPAM, installing backdoors, killing firewalls or antivirus apps, stealing CD-keys and game codes, keylogging, all sorts of good stuff.
We’d be happy to hear experiences.
Simon
PC Tools - Essential tools for your PC
and… WinGuides - Empowering the Windows operating system
New submission method… hmm… Haven’t anything to learn from the concurrence?
I’ve just sent one off to see what the response is like; it was one mentioned in a topic recently, virus-sample.rar containing thumbs.com (which I submitted).
Thanks David. Good test indeed, so we can stop (or continue) asking for a better submission/analysis tool/method 8)
Update:
Well, the response was quite fast; however, the content was very lacking and of no real use over and above using virustotal, etc. They send you a password-protected zip file containing a report.mhtml file (an HTML archive file containing images within the file, etc.) that you can open with any browser that supports that file type, IE and clones.
I don’t know if this was just because this sample was very limited but there was nothing about what it does at all, it just gave the virus name for Kaspersky and McAfee.
Unfortunately I can’t show this lack of information as they include this:
All content ("Information") contained in this report is the copyrighted work of PC Tools Pty Ltd and its associated companies ("PC Tools") and may not be copied without the express permission of PC Tools.
So I remain to be convinced of its use above the multi-engine scanners.
As to the submission method, it is no different to uploading a file to VT or Jotti (other than you need to input your email address); the response is, however, very prompt even though in this case there was little information.
So this product isn’t very effective, but maybe it could be improved :o
Al968
I’m not sure on its effectiveness but in the case of this submission the report was poor.
There must be more people that have samples that could be submitted to see if there is anything like the quote from drhayden1’s post:
they should be EXE or DLLs and Threat Expert will email you back a report of everything the file does on the system, like contacting servers, using exploits, downloading files, writing files and registry keys, installing drivers, services ... or rootkits, mass-mailing SPAM, installing backdoors, killing firewalls or antivirus apps, stealing CD-keys and game codes, keylogging, all sorts of good stuff.
I don’t know if the fact that this was a .com (executable) file and not .exe or .dll had any impact on the automated analysis and report.