PC Review



Descriptions of malware behavior?

 
 
Neil Gould
 
      4th Feb 2012
Is there a good resource with a listing of malware and their impact on
users' systems? For example, if one wants to know what the "Artemis!"
malware does, where would one look, since Googling it turns up links to
conflicting information about it.

--
Neil


 
 
 
 
 
FromTheRafters
 
      4th Feb 2012
Neil Gould wrote:
> Is there a good resource with a listing of malware and their impact on
> users' systems? For example, if one wants to know what the "Artemis!"
> malware does, where would one look, since Googling it turns up links to
> conflicting information about it.
>

Artemis! is the particular detection engine (or routine) that made the
detection, not the malware name.
 
 
David H. Lipman
 
      4th Feb 2012
From: "FromTheRafters" <(E-Mail Removed)>

> Neil Gould wrote:
>> Is there a good resource with a listing of malware and their impact on
>> users' systems? For example, if one wants to know what the "Artemis!"
>> malware does, where would one look, since Googling it turns up links to
>> conflicting information about it.
>>

> Artemis! is the particular detection engine (or routine) that made the detection, not
> the malware name.


And most likely Heuristic detection.

--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp


 
 
Neil Gould
 
      4th Feb 2012
David H. Lipman wrote:
> From: "FromTheRafters" <(E-Mail Removed)>
>
>> Neil Gould wrote:
>>> Is there a good resource with a listing of malware and their impact
>>> on users' systems? For example, if one wants to know what the
>>> "Artemis!" malware does, where would one look, since Googling it
>>> turns up links to conflicting information about it.
>>>

>> Artemis! is the particular detection engine (or routine) that made
>> the detection, not the malware name.

>
> And most likely Heuristic detection.
>

OK, then what I'd like to know is whether there is a good resource (or set
of resources) to find out the impact and/or behavior of malware that has
been identified, even if identified "by" Artemis!.

--
Neil


 
 
FromTheRafters
 
      4th Feb 2012
Neil Gould wrote:
> David H. Lipman wrote:
>> From: "FromTheRafters"<(E-Mail Removed)>
>>
>>> Neil Gould wrote:
>>>> Is there a good resource with a listing of malware and their impact
>>>> on users' systems? For example, if one wants to know what the
>>>> "Artemis!" malware does, where would one look, since Googling it
>>>> turns up links to conflicting information about it.
>>>>
>>> Artemis! is the particular detection engine (or routine) that made
>>> the detection, not the malware name.

>>
>> And most likely Heuristic detection.
>>

> OK, then what I'd like to know is whether there is a good resource (or set
> of resources) to find out the impact and/or behavior of malware that has
> been identified, even if identified "by" Artemis!.
>

If you take the malware name, and search for it on the website of the
vendor that gave it that name, you sometimes get lucky. Not only is
there not such a resource as you describe - they all use different names
for the malware that they detect.

There used to be a website that attempted to cross-reference the
different names used for the same malware, but I don't remember hearing
of it lately, nor have I heard of another to replace it.
 
 
kurt wismer
 
      5th Feb 2012
On Feb 4, 5:08 pm, "Neil Gould" <n...@myplaceofwork.com> wrote:
> David H. Lipman wrote:
> > From: "FromTheRafters" <erra...@nomail.afraid.org>

>
> >> Neil Gould wrote:
> >>> Is there a good resource with a listing of malware and their impact
> >>> on users' systems? For example, if one wants to know what the
> >>> "Artemis!" malware does, where would one look, since Googling it
> >>> turns up links to conflicting information about it.

>
> >> Artemis! is the particular detection engine (or routine) that made
> >> the detection, not the malware name.

>
> > And most likely Heuristic detection.

>
> OK, then what I'd like to know is whether there is a good resource (or set
> of resources) to find out the impact and/or behavior of malware that has
> been identified, even if identified "by" Artemis!.


i think your best bet is to actually contact the vendor, send them the
suspect sample, and explain that you need to know these things about
it.

for signature based detection, the industry seems to be moving away
from caring about names, and without a good, unique name it would be
impossible to look up in a database of malware symptoms and
capabilities. even when they still thought names were important, the
online malware description databases only had descriptions for a
fraction of the known malware out there because apparently there's no
money to be had in keeping those up-to-date (and now, with 10s of
thousands of malware instances being created each day, keeping such a
resource up to date would be impossible).

contact the vendor and let them figure out where to get the
information from, instead of trying to hunt it down yourself. even at
the best of times it would have been a crap shoot - but these days
trying to get that info without the vendor is pretty much a lost cause.
 
 
Neil Gould
 
      5th Feb 2012
FromTheRafters wrote:
> Neil Gould wrote:
>> David H. Lipman wrote:
>>> From: "FromTheRafters"<(E-Mail Removed)>
>>>
>>>> Neil Gould wrote:
>>>>> Is there a good resource with a listing of malware and their
>>>>> impact on users' systems? For example, if one wants to know what
>>>>> the "Artemis!" malware does, where would one look, since Googling
>>>>> it turns up links to conflicting information about it.
>>>>>
>>>> Artemis! is the particular detection engine (or routine) that made
>>>> the detection, not the malware name.
>>>
>>> And most likely Heuristic detection.
>>>

>> OK, then what I'd like to know is whether there is a good resource
>> (or set of resources) to find out the impact and/or behavior of
>> malware that has been identified, even if identified "by" Artemis!.
>>

> If you take the malware name, and search for it on the website of the
> vendor that gave it that name, you sometimes get lucky. Not only is
> there not such a resource as you describe - they all use different
> names for the malware that they detect.
>
> There used to be a website that attempted to cross-reference the
> different names used for the same malware, but I don't remember
> hearing of it lately, nor have I heard of another to replace it.
>

Thanks for your explanation. That is consistent with my admittedly limited
experience in trying to find some basic answers to help friends sort out
some odd behavior on their systems.

--
Neil



 
 
Neil Gould
 
      5th Feb 2012
David H. Lipman wrote:
> From: "FromTheRafters" <(E-Mail Removed)>
>
>> Neil Gould wrote:
>>> David H. Lipman wrote:
>>>> From: "FromTheRafters"<(E-Mail Removed)>
>>>>
>>>>> Neil Gould wrote:
>>>>>> Is there a good resource with a listing of malware and their
>>>>>> impact on users' systems? For example, if one wants to know what
>>>>>> the "Artemis!" malware does, where would one look, since
>>>>>> Googling it turns up links to conflicting information about it.
>>>>>>
>>>>> Artemis! is the particular detection engine (or routine) that made
>>>>> the detection, not the malware name.
>>>>
>>>> And most likely Heuristic detection.
>>>>
>>> OK, then what I'd like to know is whether there is a good resource
>>> (or set
>>> of resources) to find out the impact and/or behavior of malware
>>> that has been identified, even if identified "by" Artemis!.
>>>

>> If you take the malware name, and search for it on the website of the
>> vendor that gave it that name, you sometimes get lucky. Not only is
>> there not such a resource as you describe - they all use different
>> names for the malware that they detect.
>>
>> There used to be a website that attempted to cross-reference the
>> different names used for the same malware, but I don't remember
>> hearing of it lately, nor have I heard of another to replace it.

>
> MITRE kept the Common Malware Enumeration (CME) project that is now
> defunct.
>
> The naming convention was supposed to be that a CME suffix would add
> the exclamation mark (!) and CME-### where ### is the number
> representing the commonality.
> Suffix example !CME-711
> Full name example: Win32/Stration.DH@mm!CME-416
>

Thanks for the insights, David.

--
Neil



 
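The naming convention David quotes above (family name, optional variant and flags, then a `!CME-###` suffix) is the only cross-vendor hook the thread identifies, and the earlier replies make the point that "Artemis!" is a detection routine name rather than a family. The following is an added example, not code from the thread or from any vendor: a small parser for that label format that groups several vendors' labels for the same sample by CME number, adopting a CME number for untagged labels whose family name was seen with one, and setting heuristic hits aside because they carry no family to correlate on. All vendor names, and every label except the quoted `Win32/Stration.DH@mm!CME-416` and the `!CME-711` suffix, are constructed for the example.

```python
"""Parse anti-virus detection labels and cross-reference them by CME number.

Added example, not code from the thread. It assumes the naming convention
David quotes ([Platform/]Family[.Variant][@flag...][!CME-NNN]) and the
thread's statement that "Artemis!" names the detection routine, not a
malware family. Vendor names and all labels except the quoted
"Win32/Stration.DH@mm!CME-416" and the "!CME-711" suffix are constructed.
"""
import re
from collections import defaultdict

# Prefixes that name the detecting routine rather than the malware.
# Only "Artemis!" is attested in the thread; extend per vendor as needed.
HEURISTIC_PREFIXES = ("Artemis!",)

NAME_RE = re.compile(
    r"^(?:(?P<platform>[A-Za-z0-9_-]+)/)?"              # optional "Win32/"
    r"(?P<body>[A-Za-z0-9_-]+(?:\.[A-Za-z0-9_-]+)*)"    # dotted name segments
    r"(?P<flags>(?:@[A-Za-z0-9]+)*)"                    # e.g. "@mm"
    r"(?:!CME-(?P<cme>\d+))?$"                          # e.g. "!CME-416"
)


def parse_detection(name):
    """Split one detection label into parts; 'kind' is heuristic/family/unknown."""
    for prefix in HEURISTIC_PREFIXES:
        if name.startswith(prefix):
            # Whatever follows the routine name is vendor-specific; kept opaque.
            return {"kind": "heuristic", "routine": prefix.rstrip("!"),
                    "token": name[len(prefix):], "cme": None}
    m = NAME_RE.match(name)
    if m is None:
        return {"kind": "unknown", "raw": name, "cme": None}
    segments = m.group("body").split(".")
    if len(segments) == 1:
        prefix, family, variant = [], segments[0], None
    else:
        # Last segment is the variant, the one before it the family; any
        # leading segments (e.g. "Email-Worm.Win32") are a type/platform prefix.
        prefix, family, variant = segments[:-2], segments[-2], segments[-1]
    return {
        "kind": "family",
        "platform": m.group("platform"),
        "prefix": prefix,
        "family": family,
        "variant": variant,
        "flags": [f for f in m.group("flags").split("@") if f],
        "cme": int(m.group("cme")) if m.group("cme") else None,
    }


def cross_reference(detections):
    """Group (vendor, label) pairs so different names for one sample line up.

    Labels carrying a CME number are keyed on it. A family name seen with a
    CME number in any label adopts that number for its untagged labels too.
    Heuristic hits cannot be correlated by name and are grouped by routine.
    """
    parsed = [(vendor, label, parse_detection(label)) for vendor, label in detections]
    family_to_cme = {}
    for _, _, p in parsed:
        if p["kind"] == "family" and p["cme"] is not None:
            family_to_cme.setdefault(p["family"].lower(), p["cme"])
    groups = defaultdict(list)
    for vendor, label, p in parsed:
        if p["kind"] == "heuristic":
            key = "heuristic:" + p["routine"]
        elif p["kind"] == "family":
            cme = p["cme"] if p["cme"] is not None else family_to_cme.get(p["family"].lower())
            key = f"CME-{cme}" if cme is not None else "family:" + p["family"].lower()
        else:
            key = "unparsed"
        groups[key].append((vendor, label))
    return dict(groups)


# Constructed input: one sample as labelled by four vendors (A-D), an
# unrelated detection (E), and a label the parser cannot read (F). Only
# VendorA's label and the !CME-711 suffix come from the thread.
SAMPLE_DETECTIONS = [
    ("VendorA", "Win32/Stration.DH@mm!CME-416"),
    ("VendorB", "W32/Stration.gen@MM"),
    ("VendorC", "Email-Worm.Win32.Stration.dh"),
    ("VendorD", "Artemis!0A1B2C3D4E5F"),
    ("VendorE", "Backdoor.Foo.A!CME-711"),
    ("VendorF", "label with spaces"),
]

if __name__ == "__main__":
    for key, hits in sorted(cross_reference(SAMPLE_DETECTIONS).items()):
        print(key)
        for vendor, label in hits:
            print(f"    {vendor:8s} {label}")
```

Two caveats a practitioner should keep in mind: the family-name fallback only works when vendors happen to use the same family word, and the same word can name unrelated things at two vendors, so a CME number is the only key here that is safe to trust; and the `Artemis!` group shows why a heuristic hit gives you nothing to look up, which is the situation the thread ends up recommending a sample submission for.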
 
Neil Gould
 
      7th Feb 2012
kurt wismer wrote:
> On Feb 4, 5:08 pm, "Neil Gould" <n...@myplaceofwork.com> wrote:
>> David H. Lipman wrote:
>>> From: "FromTheRafters" <erra...@nomail.afraid.org>

>>
>>>> Neil Gould wrote:
>>>>> Is there a good resource with a listing of malware and their
>>>>> impact on users' systems? For example, if one wants to know what
>>>>> the "Artemis!" malware does, where would one look, since Googling
>>>>> it turns up links to conflicting information about it.

>>
>>>> Artemis! is the particular detection engine (or routine) that made
>>>> the detection, not the malware name.

>>
>>> And most likely Heuristic detection.

>>
>> OK, then what I'd like to know is whether there is a good resource
>> (or set of resources) to find out the impact and/or behavior of
>> malware that has been identified, even if identified "by" Artemis!.

>
> i think your best bet is to actually contact the vendor, send them the
> suspect sample, and explain that you need to know these things about
> it.
>
> for signature based detection, the industry seems to be moving away
> from caring about names, and without a good, unique name it would be
> impossible to look up in a database of malware symptoms and
> capabilities. even when they still thought names were important, the
> online malware description databases only had descriptions for a
> fraction of the known malware out there because apparently there's no
> money to be had in keeping those up-to-date (and now, with 10s of
> thousands of malware instances being created each day, keeping such a
> resource up to date would be impossible).
>
> contact the vendor and let them figure out where to get the
> information from, instead of trying to hunt it down yourself. even at
> the best of times it would have been a crap shoot - but these days
> trying to get that info without the vendor is pretty much a lost
> cause.
>

It appears that you're right about there not being any good resource, but to
take it one step further, I doubt that the anti-malware vendor would be of
much help, either. They may know and not want to be bothered with providing
an explanation, or they may not, and just rely on the code structure of
previously identified malware to ferret it out during a scan.

Thanks...

--
Neil



 
 
David H. Lipman
 
      7th Feb 2012
From: "Neil Gould" <(E-Mail Removed)>

> kurt wismer wrote:
>> On Feb 4, 5:08 pm, "Neil Gould" <n...@myplaceofwork.com> wrote:
>>> David H. Lipman wrote:
>>>> From: "FromTheRafters" <erra...@nomail.afraid.org>
>>>
>>>>> Neil Gould wrote:
>>>>>> Is there a good resource with a listing of malware and their
>>>>>> impact on users' systems? For example, if one wants to know what
>>>>>> the "Artemis!" malware does, where would one look, since Googling
>>>>>> it turns up links to conflicting information about it.
>>>
>>>>> Artemis! is the particular detection engine (or routine) that made
>>>>> the detection, not the malware name.
>>>
>>>> And most likely Heuristic detection.
>>>
>>> OK, then what I'd like to know is whether there is a good resource
>>> (or set of resources) to find out the impact and/or behavior of
>>> malware that has been identified, even if identified "by" Artemis!.

>>
>> i think your best bet is to actually contact the vendor, send them the
>> suspect sample, and explain that you need to know these things about
>> it.
>>
>> for signature based detection, the industry seems to be moving away
>> from caring about names, and without a good, unique name it would be
>> impossible to look up in a database of malware symptoms and
>> capabilities. even when they still thought names were important, the
>> online malware description databases only had descriptions for a
>> fraction of the known malware out there because apparently there's no
>> money to be had in keeping those up-to-date (and now, with 10s of
>> thousands of malware instances being created each day, keeping such a
>> resource up to date would be impossible).
>>
>> contact the vendor and let them figure out where to get the
>> information from, instead of trying to hunt it down yourself. even at
>> the best of times it would have been a crap shoot - but these days
>> trying to get that info without the vendor is pretty much a lost
>> cause.
>>

> It appears that you're right about there not being any good resource, but to
> take it one step further, I doubt that the anti-malware vendor would be of
> much help, either. They may know and not want to be bothered with providing
> an explanation, or they may not, and just rely on the code structure of
> previously identified malware to ferret it out during a scan.
>
> Thanks...
>


Yep, it all depends.

For example if we discuss it in advance often I tell someone to submit the sample to
UploadMalware.Com and I'll analyze it and provide a report of my findings to the
submitter.



--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp


 