heuristic detection engines produce AV naming chaos

Wow, this must be a new record in terms of naming chaos for a trojan

This is about Carberp, a well known trojan that caused havoc back in October 2010 with mass infections in Europe and the US. It is currently being distributed through Blackhole exploit kits.

A quick look at the sample (http://www.virustotal.com/file-scan/report.html?id=830f26ceb57bbcec5716d2e75cb816304396f9e0a48005ef9f6c325e6c318851-1312172223) confirms that it is indeed the Carberp Trojan.

If you followed the link to virustotal, 23 out of the 43 Antivirus engines detected something.

These 23 Antivirus Engines produced 17 (!) different names for it… Only one (DrWeb) said Carberp…

Why do these Antivirus Engines return a name at all? They might as well just reply with "infected" or "clean", since these names don't provide any useful information anyway. I'm not sure whether the extensive use of heuristics provides any value here…

  • a variant of Win32/Kryptik.QOS
  • Gen:Variant.Kazy.32322
  • Generic.dx!badg
  • Generic23.CGDK
  • HEUR:Trojan.Win32.Generic
  • TR/Kazy.32322.2
  • Trj/CI.A
  • Trojan.Carberp.10
  • Trojan.Gen
  • Trojan.Win32.Generic!BT
  • Trojan/Generic.iucm
  • UnclassifiedMalware
  • W32/Dx.BADG!tr
  • Win32.SuspectCrc
  • Win32.SuspectCrc!IK
  • Win32:Eyestye [Trj]
  • Win-Trojan/Malware.128512.DH
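To make the point measurable, here is an added example (not code from the original post) that runs a small normaliser over the 17 names above and counts how many actually carry a family token versus a generic or heuristic bucket; the SKIP and GENERIC token sets are my own assumptions about vendor naming conventions.

```python
import re
from collections import Counter

# The 17 distinct detection names listed in the post (copied from the VirusTotal report).
DETECTIONS = [
    "a variant of Win32/Kryptik.QOS", "Gen:Variant.Kazy.32322", "Generic.dx!badg",
    "Generic23.CGDK", "HEUR:Trojan.Win32.Generic", "TR/Kazy.32322.2", "Trj/CI.A",
    "Trojan.Carberp.10", "Trojan.Gen", "Trojan.Win32.Generic!BT", "Trojan/Generic.iucm",
    "UnclassifiedMalware", "W32/Dx.BADG!tr", "Win32.SuspectCrc", "Win32.SuspectCrc!IK",
    "Win32:Eyestye [Trj]", "Win-Trojan/Malware.128512.DH",
]

# Platform / threat-type / vendor-prefix tokens that carry no family information (assumption).
SKIP = {"a", "variant", "of", "win", "w", "gen", "trojan", "tr", "trj"}

# Tokens marking a generic or heuristic bucket: once seen, the rest of the name is a
# bucket id, not a family. Treating "ci" and "dx" as such buckets is an assumption.
GENERIC = {"generic", "heur", "malware", "unclassifiedmalware", "suspectcrc", "ci", "dx"}


def family_of(name: str) -> str:
    """Return the family token of an AV detection name, or 'generic' if it has none."""
    for tok in re.split(r"[^A-Za-z0-9]+", name):
        base = tok.lower().rstrip("0123456789")  # "Win32" -> "win", "Generic23" -> "generic"
        if not base:
            continue  # empty token or a bare number such as "32322"
        if base in GENERIC:
            return "generic"
        if base in SKIP:
            continue
        if tok.isalpha() and len(tok) >= 3:
            return tok  # first token that looks like a family name
    return "generic"  # only platform/type tokens, e.g. "Trojan.Gen"


def tally(names):
    """Count how many names map to each family (or to the generic bucket)."""
    return Counter(family_of(n) for n in names)


if __name__ == "__main__":
    for fam, n in tally(DETECTIONS).most_common():
        print(f"{n:2d}  {fam}")
```

Run against the list above, 12 of the 17 names collapse into the generic bucket and only one carries the family name Carberp.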
