Wednesday, August 18, 2010

Updated some info for SET (Social Engineer Toolkit) PDFs vs. AntiVirus & Scoring System

The VirusTotal Public API will make my life much easier. See my previous post about it: http://spookerlabs.blogspot.com/2010/08/virus-total-public-api.html .

Some results really surprised me. Take a look and draw your own conclusions.

Best AntiVirus to detect SET Malicious PDF (higher is better):

      7  "Sophos"
      7  "Microsoft"
      7  "GData"
      7  "F-Secure"
      7  "F-Prot"
      7  "ClamAV"
      7  "BitDefender"
      7  "Avast5"
      7  "Avast"
      6  "Sunbelt"
      6  "nProtect"
      6  "McAfee-GW-Edition"
      6  "eTrust-Vet"
      5  "Symantec"
      5  "PCTools"
      4  "eSafe"
      3  "NOD32"
      3  "Kaspersky"
      3  "Ikarus"
      3  "Emsisoft"
      3  "Antiy-AVL"
      2  "McAfee"
      1  "VBA32"
      1  "Panda"
      1  "AVG"
      1  "Authentium"
      1  "AntiVir"
      1  "AhnLab-V3"


Missed detections for SET malicious PDFs (higher is worse):

      7  "VirusBuster"
      7  "ViRobot"
      7  "TrendMicro-HouseCall"
      7  "TrendMicro"
      7  "TheHacker"
      7  "SUPERAntiSpyware"
      7  "Rising"
      7  "Prevx"
      7  "Norman"
      7  "Jiangmin"
      7  "Fortinet"
      7  "DrWeb"
      7  "Comodo"
      7  "CAT-QuickHeal"
      6  "VBA32"
      6  "Panda"
      6  "AVG"
      6  "Authentium"
      6  "AntiVir"
      6  "AhnLab-V3"
      5  "McAfee"
      4  "NOD32"
      4  "Kaspersky"
      4  "Ikarus"
      4  "Emsisoft"
      4  "Antiy-AVL"
      3  "eSafe"
      2  "Symantec"
      2  "PCTools"
      1  "Sunbelt"
      1  "nProtect"
      1  "McAfee-GW-Edition"
      1  "eTrust-Vet"

As we can see, a lot of AntiVirus engines missed every PDF from SET, which is a big problem for companies. Some AntiVirus products have detection methods that VirusTotal doesn't emulate, and it is possible those methods could catch them.
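The scoring behind the two tables above is a simple tally: for each engine, how many of the samples it flagged and how many it missed. As an added example that is not the blog's own script, the Python below does that tally over VirusTotal-style file reports. It assumes each report is a dict shaped like a VirusTotal public API file report (a "scans" map keyed by engine name whose values carry a boolean "detected"); the sample reports are constructed for illustration and do not reflect any real scan. It also handles the case the blog's counts hide: an engine absent from one report (timeout or not run) is counted as neither a hit nor a miss for that sample.

```python
"""Tally per-engine detections across a set of VirusTotal reports.

Added example, not the blog's script. Report shape assumed to mirror the
VirusTotal public API file report: {"resource": ..., "scans": {engine:
{"detected": bool, ...}}}. SAMPLE_REPORTS below is constructed data.
"""
from typing import Dict, Iterable, List, Tuple

# Constructed sample reports: three PDF samples, five engines. In the
# third report "McAfee" is absent, simulating an engine that did not run.
SAMPLE_REPORTS = [
    {"resource": "sample1.pdf", "scans": {
        "Sophos": {"detected": True}, "ClamAV": {"detected": True},
        "Symantec": {"detected": False}, "Comodo": {"detected": False},
        "McAfee": {"detected": True}}},
    {"resource": "sample2.pdf", "scans": {
        "Sophos": {"detected": True}, "ClamAV": {"detected": True},
        "Symantec": {"detected": True}, "Comodo": {"detected": False},
        "McAfee": {"detected": False}}},
    {"resource": "sample3.pdf", "scans": {
        "Sophos": {"detected": True}, "ClamAV": {"detected": False},
        "Symantec": {"detected": False}, "Comodo": {"detected": False}}},
]


def tally(reports: Iterable[dict]) -> Tuple[Dict[str, int], Dict[str, int], Dict[str, int]]:
    """Return (hits, misses, scanned) counters keyed by engine name.

    hits    - samples the engine flagged
    misses  - samples the engine scanned but did not flag
    scanned - samples the engine actually produced a verdict for
    """
    hits: Dict[str, int] = {}
    misses: Dict[str, int] = {}
    scanned: Dict[str, int] = {}
    for report in reports:
        for engine, verdict in report.get("scans", {}).items():
            scanned[engine] = scanned.get(engine, 0) + 1
            hits.setdefault(engine, 0)
            misses.setdefault(engine, 0)
            if verdict.get("detected"):
                hits[engine] += 1
            else:
                misses[engine] += 1
    return hits, misses, scanned


def ranking(counter: Dict[str, int]) -> List[Tuple[int, str]]:
    """Sort engines by count descending, ties broken by name, as (count, name)."""
    return sorted(((n, e) for e, n in counter.items()),
                  key=lambda pair: (-pair[0], pair[1]))


def engines_missing_all(hits: Dict[str, int], scanned: Dict[str, int]) -> List[str]:
    """Engines that produced verdicts but never flagged a single sample."""
    return sorted(e for e, n in scanned.items() if n > 0 and hits.get(e, 0) == 0)


def format_table(ranked: List[Tuple[int, str]]) -> str:
    """Render a ranking in the same 'count  "Engine"' layout used in the post."""
    return "\n".join('%7d  "%s"' % (n, e) for n, e in ranked)


if __name__ == "__main__":
    hits, misses, scanned = tally(SAMPLE_REPORTS)
    print("Detected (higher is better):")
    print(format_table(ranking(hits)))
    print("\nMissed (higher is worse):")
    print(format_table(ranking(misses)))
    print("\nMissed everything:", ", ".join(engines_missing_all(hits, scanned)))
```

Feeding real reports from the API (one JSON object per sample) into `tally` reproduces the two tables; the `scanned` counter matters when comparing engines, because an engine with 5 hits out of 5 verdicts and one with 5 out of 7 are not equal even though both would show "5" in the detected table.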

I'll do a big analysis against all my PDFs and share the results.

Happy Hacking!

Rodrigo "Sp0oKeR" Montoro

One comment:

Thiago said...

Great script, I'm waiting for it to run some tests right away!