Kindly be advised we cannot cancel subscriptions or issue refunds on the forum.
You may cancel your Bitdefender subscription from Bitdefender Central or by contacting Customer Support at: https://www.bitdefender.com/consumer/support/help/

Thank you for your understanding.

Polymorphic Samples

Options
Davo
Davo
in Sample submission

Those 4 samples are detected by avira and microsoft as .GEN and generic detection since they are Polymorphic infection, and it does NOT help to add them to signature.


Here are the samples.


/applications/core/interface/file/attachment.php?id=2729" data-fileid="2729" rel="">Codec.rar

Comments

  • csalgau
    csalgau ✭✭
    Options

    That might be true, but when I picked up the file, everything in it was already detected.

  • Davo
    Davo
    Options

    yes because i sent those few days ago to support also,


    but isn't it better to make generic detection for Polymorphic Samples ?


    Or else it is usuless to add them to signature?

  • AndreiASM
    AndreiASM
    Options

    Generaly, polymorphic samples can only be detected using generic signatures. Polymorphic viruses encrypt their body everytime using a different key (a different algorithm might be used as well), though, changing its binary pattern, making it difficult to find constant strings of bytes, most of the times imposible.

  • SecurityAdvisor
    SecurityAdvisor
    Options

    No that's not the case. BitDefender will keep you safe for sure. Security is not just simple signatures.


    Why are you so sure it has to be the way you suggest?

  • AndreiASM
    AndreiASM
    edited August 2008
    Options

    Please do not turn this topic into a flame. <img class=" />

  • Unknown
    Unknown
    Options

    The way that different AV detect a certain sample is specific to itself (its detection engines). BitDefender differs from Avira and Microsoft. You found a specific case where we need to improve the detection and probably they have other cases they could work on. If you look at detection rates and false positives you can see that BitDefender can do the job. The "XP Antivirus" is widespread malware infection that requires generic signatures. We have that, but unfortunately you can't have a detection for every kind of this piece of malware, because it's different from day to day. If you had more sources, you would notice that too.


    Thanks and ... detection is on the way ;)

  • bogdan.botezatu
    bogdan.botezatu
    Options

    Signing all the polymorphic code might not be the best idea, because it could (and will) trigger a long wave of false positives. If we did sign EVERYTHING you'd probably be extremely displeased with BitDefender blocking some legitimate applications you may be running on your computer.


    As far as the flaming you've just started is concerned, you might be helpful to some extent, but you definitely need to work on your ego.

All Time Leaders

Categories

Defenders of the month