Panda Security Mediacenter

Multi AVs Scanners

From the point of view of a malware developer, one of the main goals when developing a new creation is to avoid antivirus detection, whether by signature or by heuristic technologies. There are different ways to test this, such as using the free online scanners offered by most vendors. But this is tedious, as you have to go from one scanner to another all the time.

When VirusTotal was born a few years ago, some people claimed that it was being used by malware developers to test their creations. In some cases we knew this was true, as we had seen advertisements in forums showing VirusTotal scanning results and claiming that certain malware was not detected by any vendor. On January 3rd, VirusTotal decided to remove the option "Do not distribute the sample", so each and every file could be sent to any antivirus vendor.

Since then, we have seen some underground communities take up again several projects that give users a tool for analysing their creations.
One of the first such tools to be used is known as KIMS:

The interface is half English, half Spanish. Even though it seems to be a great tool, it has a major disadvantage: you have to install each and every antivirus product locally.

Another tool is Scanlix, with a very simple but very effective interface:

It follows a kind of "install & forget" philosophy: once you install it, you do not need to do anything else except update it from time to time. If you take a look at the update option, you'll see that the different signature files are updated. Its disadvantage may be the limited number of engines it uses, though this is likely to improve considerably in future versions.

Finally, one of the latest projects in this field is the Multi AVs Fixer, which comes with a wide range of engines. However, rather than being an evolution, it follows the pattern of KIMS and shares the same disadvantage, as the antivirus programs have to be installed locally:

The good thing is that these tools are still not able to check whether a Trojan would be detected by a proactive behaviour technology (such as TruPrevent), so we are still one step ahead. We'll keep an eye on future developments in this field.
