One of the main tasks the chapter members conduct is malware collection and analysis. Every sample is checked against several antivirus vendors to determine whether it is detected or not. The collected malware samples are classified into three categories:
Here, all antivirus products used can detect the malware and have a definition for it.
The chapter members also collect samples for which only some of the antivirus products used in the test have signatures. In this case, the remaining antivirus vendors are notified about the sample.
Sometimes the honeynet captures “suspected” malware for which none of the antivirus products have a signature, and whose hashes are not available on sandbox websites. In such cases, the captured sample is analyzed. Once the sample is confirmed to be malware, it is submitted to the antivirus vendors so they can create signatures.
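The triage flow described above, as an added example that is not part of the chapter report: a sample is hashed, its per-vendor detection results are compared, and it lands in one of the three categories together with the follow-up action (notify the vendors lacking a signature, or analyze first). Vendor names, payloads and the sandbox hash set are constructed placeholders; treating a hash already known to sandbox sites as not needing manual analysis is an assumption.

```python
import hashlib
from dataclasses import dataclass

# Constructed vendor names; stand-ins for the antivirus products used in the test.
AV_VENDORS = ("VendorA", "VendorB", "VendorC")


def sha256_hex(data: bytes) -> str:
    """Hash a captured sample so it can be looked up on sandbox sites."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class Triage:
    sha256: str
    category: str                 # "known", "partial" or "suspected"
    notify: tuple = ()            # vendors lacking a signature; they receive the sample
    analyze_first: bool = False   # True when manual analysis precedes submission


def triage(sample: bytes, detections: dict, sandbox_hashes: set) -> Triage:
    """Classify one captured sample into the three categories of the report.

    detections maps vendor name -> bool (True if the vendor detects the sample).
    sandbox_hashes holds hashes already known to public sandbox sites.
    """
    digest = sha256_hex(sample)
    detected = [v for v in AV_VENDORS if detections.get(v, False)]
    missing = tuple(v for v in AV_VENDORS if v not in detected)

    if len(detected) == len(AV_VENDORS):
        # Every vendor already has a definition; nothing to forward.
        return Triage(digest, "known")
    if detected:
        # Some vendors detect it; notify the rest, no analysis needed.
        return Triage(digest, "partial", notify=missing)
    # Nobody detects it. If sandbox sites have never seen the hash either,
    # the sample must be analyzed before it is submitted (assumption: a hash
    # already known to sandbox sites skips the manual step).
    return Triage(digest, "suspected", notify=missing,
                  analyze_first=digest not in sandbox_hashes)


if __name__ == "__main__":
    # Constructed inputs, not real captures.
    print(triage(b"sample-1", {v: True for v in AV_VENDORS}, set()))
    print(triage(b"sample-2", {"VendorA": True, "VendorC": True}, set()))
    print(triage(b"sample-3", {}, set()))
```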