Detection Stupidity Bitdefender Lab

Flavori
edited August 2008 in Malware talk

A file, a virus named OnlineGames, was detected by most AVs out there.

It was also detected by the Bitdefender heuristic, but when the Bitdefender Lab wants to add all their heuristics to signatures they always make mistakes and forget to add thousands and thousands of files from heuristics to signatures.

As you see, Ikarus uses the BD engine, and the Bitdefender product already removed this file, but Ikarus uses an old engine, so the trojan is still detected by Ikarus but not by Bitdefender, even though it is the same engine. Isn't this very stupid of the Bitdefender Lab or not :) ?


Just take a look at one mistake from them here:


Last file scanned at least one scanner reported something about: 1ce3aa62d398d9500ea9233e7039cc44.nhmxfjkl.dll (MD5: 1ce3aa62d398d9500ea9233e7039cc44, size: 105472 bytes), detected by:


Scanner                 Malware name
A-Squared               X
AntiVir                 TR/Dldr.Delphi.Gen
ArcaVir                 X
Avast                   X
AVG Antivirus           Generic11.IDW
BitDefender             X
ClamAV                  X
CPsecure                X
Dr.Web                  Trojan.PWS.Wsgame.6334
F-Prot Antivirus        X
F-Secure Anti-Virus     Trojan-GameThief.Win32.OnLineGames.sprz
Fortinet                X
Ikarus                  BehavesLike.Trojan.ShellHook
Kaspersky Anti-Virus    Trojan-GameThief.Win32.OnLineGames.sprz
NOD32                   Win32/PSW.OnLineGames.NQW
Norman Virus Control    X
Panda Antivirus         X
Sophos Antivirus        Mal/Behav-136
VirusBuster             X
VBA32                   Trojan-GameThief.Win32.OnLineGames.sprz

Comments

  • It's a common fact that antivirus providers try to give similar names to malware families. Ikarus has been known to excessively copy detection names from other antivirus providers. They might have used an automatic system to classify this sample and as such copied our name blindly.


    To our knowledge Ikarus does not use any Bitdefender technology.


    Please upload the file to our malware submission forum so we can take a look at it.

  • Flavori
    edited August 2008
    It's a common fact that antivirus providers try to give similar names to malware families. Ikarus has been known to excessively copy detection names from other antivirus providers. They might have used an automatic system to classify this sample and as such copied our name blindly.


    To our knowledge Ikarus does not use any Bitdefender technology.


    Please upload the file to our malware submission forum so we can take a look at it.


    Ikarus used ver10 or 11, I don't remember, and they don't copy just the name, in their engine it was BehavesLike.Trojan.ShellHook


    old engine and I see Bitdefender has not added this file to signatures but removed it all from the list, now it's not detected with heur or with signature. You can not just copy the name and paste it there, Ikarus did use the old BD engine, otherwise it would not be shown there.


    you Bitdefender Lab guys are fun sometimes.


    That's just my opinion :)

  • csalgau
    edited August 2008

    Our heuristics engine uses BehavesLike: <something>. Unless they have access to our sources, and that's certainly not true, they checked detection from other antivirus providers and signed the file with our name adapting it to their requirements.


    The colon is used to indicate the verdict of our heuristics engine so it's imperative it is kept in the detection name.
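
An added example, not part of any post in this thread: a short Python script that parses the scan report from the opening post, lists detection names shared by more than one scanner, and checks whether a name has the colon form csalgau describes for Bitdefender heuristic verdicts. The function names and the regular expression are assumptions of this example.

```python
import re

# Rows copied from the scan report in the opening post ("X" = nothing reported).
REPORT = """\
A-Squared X
AntiVir TR/Dldr.Delphi.Gen
ArcaVir X
Avast X
AVG Antivirus Generic11.IDW
BitDefender X
ClamAV X
CPsecure X
Dr.Web Trojan.PWS.Wsgame.6334
F-Prot Antivirus X
F-Secure Anti-Virus Trojan-GameThief.Win32.OnLineGames.sprz
Fortinet X
Ikarus BehavesLike.Trojan.ShellHook
Kaspersky Anti-Virus Trojan-GameThief.Win32.OnLineGames.sprz
NOD32 Win32/PSW.OnLineGames.NQW
Norman Virus Control X
Panda Antivirus X
Sophos Antivirus Mal/Behav-136
VirusBuster X
VBA32 Trojan-GameThief.Win32.OnLineGames.sprz
"""

# Assumption: encodes csalgau's statement that a Bitdefender heuristic
# verdict reads "BehavesLike: <something>", with the colon kept.
BD_HEURISTIC = re.compile(r"^BehavesLike:\s*\S+")

def parse_report(text):
    """Map scanner -> detection name (None for "X"); scanner names may contain spaces."""
    results = {}
    for line in filter(None, (l.strip() for l in text.splitlines())):
        scanner, _, verdict = line.rpartition(" ")
        results[scanner] = None if verdict == "X" else verdict
    return results

def shared_names(results):
    """Return {name: [scanners]} for names reported by more than one scanner."""
    groups = {}
    for scanner, name in results.items():
        if name:
            groups.setdefault(name, []).append(scanner)
    return {n: s for n, s in groups.items() if len(s) > 1}

def is_bd_heuristic_form(name):
    """True only if the name carries the colon-delimited heuristic prefix."""
    return bool(name and BD_HEURISTIC.match(name))
```

On this report the Ikarus name uses a dot after `BehavesLike`, so it does not match the colon form, while three scanners report the identical `OnLineGames.sprz` name.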