Overblog
ROOTKIT TEST B Next

16) Trojan Downloader Win32.Small.emg/SpamBot variant: We can't reproduce a real-life situation for this test (the infection occurs via web sites), so we just run the files locally. Detection with Helios Lite and Spyware Process Detector (a clone of Security...

WORMS, VIRUSES, and SCRIPTS 2

- Zhelatin worm: P1/P2
- "Kav Virus": P1/P2. Here we just create a simple malicious script that we call "kav virus":
- P2P-WORM.Win32.Small.y: P1/P2
- Worm.Win32.Agent.ak: P1/P2
- IM Worm Win32.VB.as: P1/P2
Scan for the first test ("fresh malware"): Scan for...

OTHER MALWARES Part 6

- PoisonIvy RAT: P1/P2. In this example the server file (orishas.exe) is not detected by the scanner engine as malicious:
- MiniTunnel (a pure backdoor which does not install itself on the system but just acts as a server): F1/F2
False positives of 2 scanner...

OTHER MALWARES Part 2

- Armageddon trojan: F1/P2
- IRC bot: P1/P2
- Fake codecs, Zlob and variants: P1/P2. KAV only prevents the malware from becoming persistent, not the download of rogue products. On a live system, this trojan is difficult to remove for inexperienced users ("rebirth...

McAfee Rootkit Detective renamed keys

=================================================
Registry Key : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.REN
Name : mssync20
Type : REG_SZ
Data : C:\Documents and Settings\F.Telecom F.Telecom\Mes documents\RK.MSSync\mssyc20_files\mssync20.exe
Key Modified...

OTHER MALWARES Part 3

- Backdoor Oscar: P1/P2
- Fearless KeySpy: P1/P2
- Backdoor Seed: P1/P2
- Code Injection Downloader: P1/P2
- Iow A's Webdownloader: P1/P2
- Bandook Backdoor: P1/P2
- Poly Downloader (trojan generic): P1/P2
- Web Devil Proxy Trojan: F1/P2. Active port...

OTHER MALWARES Part 4

- Trojan Arduk: P1/P2
- Trojan Dialer.ht: P1/P2
- Backdoor PackBot.p: P1/P2
- Bat virus: P1/P2
- WMF trojan downloader variant: F1/P2
- Trojan Nyxem: P1/P2
- Backdoor Win32.VB.yh: P1/P2
- Eagle Agent trojan: P1/P2. This trojan from China is not known to AV...

OTHER MALWARES Part 12

- Backdoor Win32.WinRC: P1/P2
- Trojan-Spy Win32.VB.qq: P1/P2. "Dialer" detections are false positives. We build a server that we call Yahoo Messenger, configured to kill the Windows firewall, Kaspersky antivirus (avp.exe), etc.
- Trojan-Spy Win32.VB.dd: P1/P2...

WORMS, VIRUSES AND SCRIPTS 3

- Worm Scanao: P1/P2
- Worm Delf.bg (also known as Worm Cekar by Sophos): F1/P2. KAV self-defense: when the host is already infected, the PDM detects a suspicious behaviour, but it's too late (no prevention).
- Worm Locksky.au: P1/P2
- Worm Jalabed.b: P1/P2...

KAV TEST Part 3 Next and end

7) Man-in-the-Middle attack: a) Locally with SSLSpoofer (R): P1/P2. A fake certificate is returned, but KAV is able to detect the connection of SSLSpoofer on port 443 and the fake certificate. As displayed in the next image (referer), this communication...
