
A question on identification and naming.



Hello

I'm not too sure if you'll be able to help me out with this, but I'll ask anyway. 


Does Malwarebytes give the same name to different versions of the same code? I had an Alureon rootkit on my old computer. The anti-rootkit beta detected the partition as Alureon.E.VBR. As some of you may or may not know, Operation Ghost Click was the takedown of the huge Alureon/DNSChanger botnet. That got me thinking about whether or not the infection I had was related to the botnet that was taken down.


I don't really know how Malwarebytes detects different things. If it were sharing the same code but it was a different version, would Malwarebytes give it the same name? If I got an Alureon.E.VBR infection prior to the takedown, is it probable that it was part of that scheme? I'm googling alureon.e and I don't see many infections after the takedown; would that indicate that Malwarebytes doesn't "blend" different botnets together?


1 hour ago, pondus said:

Interesting thanks


Do you know if Malwarebytes specifically gives the same name to a different version of the same code?


On 6/7/2017 at 10:24 AM, kurt2121 said:

Do you know if Malwarebytes specifically gives the same name to a different version of the same code?

In a general way, and not specific to Malwarebytes, I think it depends on the malware type and how it is detected. Some may get a version letter/number at the end of the name if detected by signature:

Malware:A > Malware:B > Malware:C ... Malware:AA > Malware:AB, and some vendors use numbers: Malware:1 > Malware:2 ...

Then you have generic / heuristic detection names that may cover thousands of variations.

http://securitywatch.pcmag.com/security-software/284189-heuristic-vs-generic-detection

https://www.opswat.com/blog/understanding-heuristic-based-scanning-vs-sandboxing

https://en.wikipedia.org/wiki/Antivirus_software

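The two naming schemes pondus describes (a per-variant letter or number suffix, versus one family or generic name spanning many samples) can be made concrete with a small parser. This is an added example, not code from Malwarebytes or from anyone in this thread; the detection names it processes are constructed samples in the "Family.Variant[.Qualifier]" shape seen above (Alureon.E.VBR), and the "Family:Variant" separator is accepted too. It also shows the ordering pitfall: the letter sequence A ... Z, AA, AB is bijective base-26, so "Z" must sort before "AA", which a plain string comparison gets wrong.

```python
import re
from collections import defaultdict

# Constructed sample detection names for illustration only (not real vendor output).
SAMPLE_NAMES = [
    "Alureon.E.VBR",
    "Alureon.A",
    "Alureon.AB",
    "Alureon.Z.MBR",
    "Malware:2",
    "Malware:1",
    "DNSChanger.B",
]

# Family, then a variant suffix (uppercase letters or digits), then an optional qualifier.
NAME_RE = re.compile(
    r"^(?P<family>[A-Za-z0-9]+)[.:](?P<variant>[A-Z]+|\d+)(?:\.(?P<qualifier>[A-Za-z0-9]+))?$"
)


def variant_rank(variant):
    """Rank a variant suffix in release order: A=1 ... Z=26, AA=27, AB=28 ...,
    or the plain integer for numeric schemes.  Letters are bijective base-26."""
    if variant.isdigit():
        return int(variant)
    rank = 0
    for ch in variant:
        rank = rank * 26 + (ord(ch) - ord("A") + 1)
    return rank


def parse_name(name):
    """Split a detection name into (family, variant, qualifier-or-None)."""
    m = NAME_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised detection name: {name}")
    return m.group("family"), m.group("variant"), m.group("qualifier")


def group_by_family(names):
    """Bucket names by family and order variants by rank, showing how one family
    name covers many individually lettered or numbered variants."""
    families = defaultdict(list)
    for n in names:
        family, variant, _qualifier = parse_name(n)
        families[family].append(variant)
    return {fam: sorted(vs, key=variant_rank) for fam, vs in families.items()}
```

Grouping SAMPLE_NAMES yields Alureon -> A, E, Z, AB (rank order, not string order), Malware -> 1, 2 and DNSChanger -> B.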

On 6/7/2017 at 9:00 AM, pondus said:

Then you have generic / heuristic detection names that may cover thousands of variations

Malwarebytes in particular, including our anti-rootkit defs, uses a lot of heuristics. Very few of our definitions/algorithms cover a single threat/variant, and more often than not we target entire families or even multiple families of malware with each rule in our databases.
