Strange Virus Signature!?

[true indian]

go there: http://www.avast.com/virus-update-history

Under 13.12.2012 - 121213-0
 
2nd line I see a signature named FileRepMalware is added to database.

Wondering what it is   

[polonus]

Hi true indian,

FileRep knows if it’s naughty or nice
The new FileRep feature enables faster threat identification by sorting new, potentially dangerous files from known safe files. With hundreds of millions of executable files already in the cloud-based database, the goal of FileRep is to categorize all files on the web. Sourced from the CommunityIQ sensor network, this data helps avast! decide when questionable files should be placed in the AutoSandbox.
Info here: http://www.avast.com/pr-avast-software-detection-is-faster-when-filerep-knows-all-the-clean-files

polonus

[RejZoR]

I was searching for FileRepMalware because i got this detection during testing and i found this thread. Here is an image of the detection in action on a real live malware.



It seems that avast! can now directly flag certain files that only have malicious reputation without placing them in the Auto Sandbox for further evaluation.

[true indian]

Nice! avast! is going the correct way 

[igor]

It seems that avast! can now directly flag certain files that only have malicious reputation without placing them in the Auto Sandbox for further evaluation.

Yes, that's true.
It's not necessarily about reputation though (a reputation alone wouldn't be enough for a full detection, it has to be backed up by some analysis).
It's more about using some powerful hardware (the last image here, in particular - pity you can't see the nice "cooling tower") to perform a clever analysis of incoming malware samples, and then connecting it to the FileRep infrastructure to distribute the new detections at the maximum possible speed.

[Asyn]

1. I was searching for FileRepMalware because i got this detection during testing and i found this thread. Here is an image of the detection in action on a real live malware.

2. It seems that avast! can now directly flag certain files that only have malicious reputation without placing them in the Auto Sandbox for further evaluation.

1. RejZoR, thanks for the screenshot.
2. That's great.

[bob3160]

@igor,
Are you managing to keep the gamers away     Wouldn't mind a toy like that for Christmas.

[DavidR]

@igor,
Are you managing to keep the gamers away     Wouldn't mind a toy like that for Christmas.

Your household power supply probably couldn't handle it or the electricity bill ?

[bob3160]

@igor,
Are you managing to keep the gamers away   Wouldn't mind a toy like that for Christmas.

Your household power supply probably couldn't handle it or the electricity bill ?

I guess if I ever get back to Prague, I'll see if I can watch this super duper computer in action.

[Pondus]

had to check   

VirusTotal - URLscan
https://www.virustotal.com/url/0c98004dd11db7b227520f52aa4c5c9452a6ff92a11f9895e0b3cf80869ffcc2/analysis/1356277729/

VirusTotal - file scan
https://www.virustotal.com/file/2aa63c059574df96355cea42ae13f4d0e682076ee21ac6e429a75477223511d5/analysis/1356277734/

[DavidR]

Well that pretty much confirms the detection by filerep and looks like that has filtered through to be a part of the win32:Malware-gen signature.

[spywar]

Glad to know .. This FileRep is going to be very powerfull with the time.