Author Topic: How good is this online malware analyzer? (Read 4467 times)

polonus · « **on:** May 24, 2009, 04:15:27 PM »

Hi malware fighters,

How good is this one? http://camas.comodo.com/cgi-bin/submit

A survey of known online malware analysis online: http://www.malwaredomainlist.com/forums/index.php?topic=1544.0;wap2

polonus

P.S. I for one never used filterbit beta metascanner, and sure gonna try it out, http://www.filterbit.com/

Damian

DavidR · « **Reply #1 on:** May 24, 2009, 05:07:47 PM »

Well I submitted a sample to both camas.comodo and filterbit so you can compare the results against one and other.

The results for comodo look comprehensive, certainly enough to gauge that the file is malicious (which I know it is), see camas.comodo analysis results. This is a little like the Anubis http://anubis.iseclab.org/?action=home scanner providing a detailed analysis of the file and not just running it against multiple scanners.

Whereas the filterbit scan is of less value, being more like virustotal but with a very limited scanner set, see filterbit scan results only 2 of 9 scanners found anything.

Control set from VirusTotal for comparison, an old scan 10 May 2009 on this file found nothing (0/39), so filterbit did a little better. However a new VT scan today shows 17/39 detections, see VT results.

So filterbit doesn't compare well against VT in either the scanners in its set or the detection levels.

Dwarden · « **Reply #2 on:** May 25, 2009, 03:13:58 AM »

well obviously they using some own sandbox system ... plus probably check against own signature/behaviour db ...

i put it sometime ago on my list of sandbox online tests ...

now i'm waiting for fully virtualized multi AV/AM/AS/AT solution ...
you send file and it crunch it against all main (255,65535 w/e

security products available in theirs maximal detection state...

and then i wake up and realized not even NASA got such machine yet lol

cinchez · « **Reply #3 on:** May 25, 2009, 03:40:51 PM »

The second site is quite good but its still in beta^^

AND WHY IS AVAST! NOT INCLUDED IN THE ENGINES?!^^lol^^

DavidR · « **Reply #4 on:** May 25, 2009, 03:54:45 PM »

Which second site, if your are talking of filterbit, then quite good really isn't correct, poor is more to the mark as there are many better.

cinchez · « **Reply #5 on:** May 25, 2009, 03:57:32 PM »

Yes im referring to filterbit^^

Umm ok^^DavidR says so^^so its poor^^

Thanks^^

DavidR · « **Reply #6 on:** May 25, 2009, 04:07:05 PM »

You have to look at the number of scanners, 9 on filterbit against 39 on Virustotal, so it has only 25% of the scanners.

Then you look at the actual scanner results on the site and only 2 of the filterbit scanners found anything but 17 of the virustotal scanners found something on the same file. So it is fairly conclusive, that the scanners on filertbit with only 2/9 detections, doesn't compare with virustotals 17/39 detections.

cinchez · « **Reply #7 on:** May 25, 2009, 04:12:09 PM »

Therefore, they nid to put more scanners to raise the effectiveness of the site^^

Thanks for the explanation^^

DavidR · « **Reply #8 on:** May 25, 2009, 04:16:33 PM »

You're welcome.

I just ran a scan on Anubis on the same file Anubis Scan Results, so you can compare that against the camas.comodo results I posted earlier as they are similar scanners, essentially there both good and only the presentation is different.

Author Topic: How good is this online malware analyzer? (Read 4467 times)

polonus

How good is this online malware analyzer?

DavidR

Re: How good is this online malware analyzer?

Dwarden

Re: How good is this online malware analyzer?

cinchez

Re: How good is this online malware analyzer?

DavidR

Re: How good is this online malware analyzer?

cinchez

Re: How good is this online malware analyzer?

DavidR

Re: How good is this online malware analyzer?

cinchez

Re: How good is this online malware analyzer?

DavidR

Re: How good is this online malware analyzer?