Virus download site

Googling for information about a virus the other day, I came across a site where virus writers were discussing ways of making viruses undetectable to AV scanners. Another site linked to on that page is a collection of downloadable viruses. A quick sample suggests 90% are already detected, but a few are not:

Complete scanning result of “Trojan-Downloader.Win32.Delf.ac.z”, received in VirusTotal at 04.07.2007, 12:46:51 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.4.7.0 04.06.2007 no virus found
AntiVir 7.3.1.48 04.07.2007 TR/Delphi.Downloader.Gen
Authentium 4.93.8 04.06.2007 could be infected with an unknown virus
Avast 4.7.936.0 04.06.2007 no virus found
AVG 7.5.0.447 04.07.2007 Downloader.Delf.AP
BitDefender 7.2 04.07.2007 Trojan.Downloader.Delf.AC
CAT-QuickHeal 9.00 04.06.2007 no virus found
ClamAV devel-20070312 04.07.2007 Trojan.Downloader-2910
DrWeb 4.33 04.07.2007 Trojan.Webdel
eSafe 7.0.15.0 04.07.2007 Win32.Banload.be
eTrust-Vet 30.7.3549 04.06.2007 no virus found
Ewido 4.0 04.07.2007 Downloader.Delf.ac
FileAdvisor 1 04.07.2007 no virus found
Fortinet 2.85.0.0 04.07.2007 W32/Delf.AC!tr.dldr
F-Prot 4.3.1.45 04.04.2007 no virus found
F-Secure 6.70.13030.0 04.06.2007 Trojan-Downloader.Win32.Delf.ac
Ikarus T3.1.1.3 04.07.2007 Trojan-Dropper.Win32.Delf.MQ
Kaspersky 4.0.2.24 04.07.2007 Trojan-Downloader.Win32.Delf.ac
McAfee 5003 04.06.2007 Downloader-FC
Microsoft 1.2405 04.07.2007 TrojanDownloader:Win32/Tearspear!392B
NOD32v2 2172 04.07.2007 probably unknown NewHeur_PE virus
Norman 5.80.02 04.05.2007 W32/Delf.AATB
Panda 9.0.0.4 04.06.2007 Suspicious file
Prevx1 V2 04.07.2007 no virus found
Sophos 4.16.0 04.06.2007 Troj/Dloadr-AUH
Sunbelt 2.2.907.0 04.07.2007 Trojan-Downloader.Win32.Delf.ac
Symantec 10 04.07.2007 no virus found
TheHacker 6.1.6.085 04.04.2007 Trojan/Downloader.Delf.ac
VBA32 3.11.3 04.06.2007 Trojan-Downloader.Win32.Delf.ac
VirusBuster 4.3.7:9 04.06.2007 no virus found
Webwasher-Gateway 6.0.1 04.07.2007 Trojan.Delphi.Downloader.Gen

Obviously I’m not going to post the URLs, but if anybody from avast! is interested, I can PM/email them the relevant information.

Do you mean you have a list about dangerous virus websites, like a hosts file? I’m very interested in getting information about that kind of web page, then I can put it into my Internet Options security tab settings. If you want, post me that list, okay? Thank you.

It’s just one site which claims to have a collection of 66711 viruses. I sampled about 20 and two were undetected by avast!

I’ve emailed both to avast!, but there may well be more undetected.

Another one:

File “Trojan-PSW.Win32.Banker.apq.zip” received on 04.07.2007 at 13:41:36 (CET) is being scanned by VirusTotal in this moment. Results will be shown as they’re generated.

Antivirus Version Update Result
AhnLab-V3 2007.4.7.0 04.06.2007 no virus found
AntiVir 7.3.1.48 04.07.2007 TR/PSW.Bancos.LF.1
Authentium 4.93.8 04.06.2007 W32/Banker.AQO
Avast 4.7.936.0 04.06.2007 no virus found
AVG 7.5.0.447 04.07.2007 no virus found
BitDefender 7.2 04.07.2007 Trojan.Spy.Delf.AR
CAT-QuickHeal 9.00 04.06.2007 no virus found
ClamAV devel-20070312 04.07.2007 Trojan.Bancos-2205
DrWeb 4.33 04.07.2007 Trojan.MulDrop.1247
eSafe 7.0.15.0 04.07.2007 no virus found
eTrust-Vet 30.7.3549 04.06.2007 no virus found
Ewido 4.0 04.07.2007 no virus found
FileAdvisor 1 04.07.2007 no virus found
Fortinet 2.85.0.0 04.07.2007 W32/Banker.JN!tr
F-Prot 4.3.1.45 04.04.2007 W32/Banker.AQO
F-Secure 6.70.13030.0 04.07.2007 Trojan-Spy.Win32.Banker.jn
Ikarus T3.1.1.3 04.07.2007 Trojan-Spy.Win32.Bancos.D
Kaspersky 4.0.2.24 04.07.2007 Trojan-PSW.Win32.Banker.apq
McAfee 5003 04.06.2007 Generic.cb
Microsoft 1.2405 04.07.2007 no virus found
NOD32v2 2172 04.07.2007 Win32/PSW.Banker.NAA
Norman 5.80.02 04.05.2007 W32/GenericDrp
Panda 9.0.0.4 04.07.2007 Generic Trojan
Prevx1 V2 04.07.2007 no virus found
Sophos 4.16.0 04.06.2007 no virus found
Sunbelt 2.2.907.0 04.07.2007 no virus found
Symantec 10 04.07.2007 no virus found
TheHacker 6.1.6.085 04.04.2007 no virus found
VBA32 3.11.3 04.06.2007 suspected of Trojan-Spy.xBank.24
VirusBuster 4.3.7:9 04.06.2007 TrojanSpy.Banker.BC

Actually, that site you have in mind (at least I think I know which one you mean) is one of the valid virus collectors/traders sites I know.

And you can’t be surprised Avast! misses many (it was the same a year ago) … I can show you tons of examples where KAV, NOD etc. fail.

Way too many variants or local releases … the only way to make sure they sooner or later get into the VPS is sending the missed ones to Alwil.

Won’t it be useful to check the avast virus database against this webpage from time to time?

Hi FreewheelinFrank,

I’ve PM’d you a couple links I have (available to any avast! evangelist or alwil team member)

Drop me a PM with yours when you have a chance.

Hi mauserme,

It’s one of your sites. :wink:

The viruses seem to date from last year, so they may not be a priority to add.

I guess if the site is common knowledge, the avast! team probably know about it anyway.

Maybe not common knowledge but I’ve always assumed the “team” knows about them :slight_smile:

So, why are some of them undetected YET? :cry:

Hi Tech,

We were there before, read about it here: http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038739.html
“It will be executed because if windows is not able to access the long file name then the short file name is used to access the file in +x or execute mode…”
If this was possible then, why not today, or what have they done about the missed detections? Has this been discussed here on the webforum? I do not remember it ever being mentioned.

polonus

Won’t the Alwil team comment?

Vulnerable anti-virus Engine:

Kaspersky Antivirus
Symantec AntiVirus
F-Prot Antivirus
ClamWin Antivirus
[b]Avast Antivirus[/b]
RAV AntiVirus
Microsoft AntiSpyware

This is a very old report.

I’m sure this malicious file name bypass vulnerability has been covered in the forums before and corrected.

If you’re right, sorry Alwil team :cry:
Just that I’m not sure and can’t find relevant info in forums…

Yes I couldn’t find it either (a lot of information on the forums ;D) but I do remember the malformed/malicious file name bypass issue being discussed.

Yes, I’ve known this site for a while and I have quite a few times sent batches of files that were undetected, but rarely did avast create a detection for them.

Also, if you look in the link section you will find other sites where you can download viruses and exploits.

Al968