Bleeding edge Storm AV analysis


evilghost
11-01-07, 01:51 PM
Received: from client-81-105-70-61.popl.adsl.virgin.net [81.105.70.61]
Wed, 31 Oct 2007 16:55:43 -0500
Received: from idqct ([137.106.132.233]) by client-81-105-70-61.popl.adsl.virgin.net with Microsoft SMTPSVC(6.0.3790.0); Wed, 31 Oct 2007 21:54:11 +0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
From: "greenjo1@bom5.vsnl.net.in" <greenjo1@bom5.vsnl.net.in>
Subject: [TEXT] [SLS] [HDR] [CHAR] Watch him dance
Date: Wed, 31 Oct 2007 16:54:11 -0500
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
Message-ID: <000e01c81c08$91ca4ed0$e9846a89@idqct>
Received-SPF: none (domain of greenjo1@bom5.vsnl.net.in does not designated permitted sender hosts)
X-XWall-Heuristic: 30
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Just a little Halloween fun. http://201.250.104.203/


Figured I'd run the AV scanners through the wringer on halloween.exe and the 'dancing skeleton' to see just how accurate coverage is for this variant.

The results are here; as always, it seems the major vendors (McAfee) fail at detecting it, as usual.

http://i16.tinypic.com/54bbwco.png

LORD-eX-Bu
11-01-07, 03:37 PM
Does anyone even use McAfee anymore? :lol:

evilghost
11-01-07, 03:40 PM
Sadly, a bunch of corporations do thanks to the ePO system (e-Policy Orchestrator) :(

Bearclaw
11-12-07, 05:08 PM
I hate McAfee. Bloated bull****.

DiscipleDOC
11-12-07, 05:38 PM
Sadly, a bunch of corporations do thanks to the ePO system (e-Policy Orchestrator) :(
A company that interviewed me used McAfee. I am so happy I did not get that job...