Avast low detection on malware pack?

http://youtu.be/WZbD7nuE81U?t=8m11s

I’m only posting what I see, I don’t know how Avast was configured or anything like that and of course these videos aren’t guaranteed.

39 detected from 324 “samples”

hxxp://malwaretips.com/Thread-Malware-Pack-324-malware-samples-by-ReviewsAntivirus-InternetChicken

Apologies if I’ve posted in the wrong place, and remove the link above if inappropriate (but it’s a link to the samples) – if any avast! staff want to have a look.

Was there any reason or just currently undetected, and soon to be added? Just wondering. Thanks :)

I have seen some of those files in the archive… you can quickly upload the files to VirusTotal… they have very low detection rates at VT… I wouldn’t expect any good result from avast! keeping in mind many files have low detection rates like 5/42 or 12/42, etc.

Btw, it’s a test bed problem… this is the thing that most testers don’t notice…

Igor had already specified test bed problems… and this is what it is on this pack… most of them are very, very new Zbot and FakeAV samples having low detection rates… So don’t expect much.

See these detection rates of some files from the archive:

And so on… most files have low detection rates.

So still expecting an AV to get 85 to 90% detection for such brand new things, from avast or from any other decent AV? I don’t think so… ;D

Nevertheless, we don’t need to worry because avast will get these files from VT regularly to add to the database… most of the time these files come from particular IPs that are usually blocked by the avast Network Shield.

Hope this was helpful to make you understand.

Read this reply: http://forum.avast.com/index.php?topic=76317.msg635067#msg635067

As I said, I only posted what I saw on Youtube. I’ve never come across this “test bed problem” before, so it’s all new for me.

I also have computers with avast! Free installed and this caught my attention.

Thanks for understanding my post concern.

PS: As for your PM, I wasn’t bashing the product.

Tip: Don’t watch tests, believe only in your own personal experience ;D

Hi true indian,

Now let us just take the first example you provide: http://systemexplorer.net/file-database/file/savings%20sidekick-exe/11006802
Has been around since 1993 and 2008 and file has a shield toleration from Kaspersky’s
Given as safe here: http://www.isthisfilesafe.de/sha1/C92EB4207AA5A2BC8EF9618C0E3C194D253D45BC_details.aspx
Here again given as threat: http://threatcenter.crdf.fr/?More&ID=90990&D=CRDF.Malware.Win32.PEx.C.386825682
Compare to: http://reports.antivirus-lab.com/134128/savings-sidekick/
See: http://minotauranalysis.com/search.aspx?q=e99a5d8064116eeb28eee7db2a497f3f
Flags come in the Heur.Suspicious category; these catch more malware from pirated sites than FPs found.
Here we have 20 often found on infected websites: http://www.securiteinfo.com/attaques/hacking/stats_malwares_internet.shtml
All come from not trusted mediums as in our example, see the detection of this component: http://speedutilities.com/virus/component_567.html
So detection and risk are found within a certain arena and this is not a general risk, so good user habits and common sense can grossly prevent you from being affected; going to pirated content (flash drives/USB sticks) will enhance the risk of running into such so-far undetected malware.

polonus

Just another one which is not being detected by avast: https://www.virustotal.com/file/ca0c405a571b55406b5d65e59924eae73d5477d54f0046aa042127dffeb648b7/analysis/
Here we had 8 detections: https://threatcenter.crdf.fr/?More&ID=92454&D=CRDF.Trojan.Fakealert-Generic.1414665203
avast detects a similar one here: https://www.virustotal.com/file/4af9bc3d7561c426b83a91560bf9e93d04ff52561a90bae200d512578110ce17/analysis/
Starting from the DrWeb detection: http://v.virscan.org/Trojan.Fakealert.32747.html
and in a lot of virscan results there avast does not appear; avast could have flagged a dropper there.

polonus