Malwarebytes fail to detect and remove 12 worms.

[SloppyMcFloppy]

A member on Malwaretips forum decide to do a small test of Malwarebytes and HitmanPro since both of them states they can detect and remove worms. The system was pre-infected by discrete worm samples, and none of the worms were anywhere near zero day; all have been in the wild for a few months. Unfortunately, both of software fail to detect and remove all 12 worms, and both score below 2 which leave users a big vulnerable target for blackhat.

 

 

Source: https://malwaretips.com/threads/malwarebytes-and-hitmanpro-vs-some-worms.52791/#post-446714

[daledoc1]

Hello:
 
You wrote:
 

A member on Malwaretips forum decide to do a small test of Malwarebytes and HitmanPro since both of them states they can detect and remove worms. The system was pre-infected by discrete worm samples, and none of the worms were anywhere near zero day; all have been in the wild for a few months.

 
Until a Malwarebytes staff member or other forum expert has a chance to reply, no one security application can possibly target 100% of all known malware.
MBAM specifically does not target "historical" malware.
In fact, as explained here in the Research Center, malware samples older than 3 months are not targeted:
 

Disclaimer: We apologize, but we will not be adding corrupted files, archived/collections (Old sample(s) 3months + since file creation)  or file infectors. Secondly, we will not add key generators, hacking tools, Joke applications, Casino applications or game cheats unless they contain malicious trojan code.

 
Such malware falls under the purview of the anti-virus/internet security programs, with their much larger databases.
 
>>Having said that, if you have samples of possible malware for possible inclusion in the MBAM database, please read the sticky topics here and here, and then please post the requested information in the Research Center here.
 
I'm sure our more expert forum members and staff will have some additional feedback.
 
Thanks for reporting,
 
P.S. Just to clarify a bit the information you posted at MT here: as my signature block clearly states, I am NOT a Malwarebytes staff member or forum Moderator here.  I am just a home user and forum volunteer.  Also, you omitted from that post the suggestion about submitting malware samples to the Research Team. Thanks.

[SloppyMcFloppy]

Hello:

 

You wrote:

 

 

Until a Malwarebytes staff member or other forum expert has a chance to reply, no one security application can possibly target 100% of all known malware.

MBAM specifically does not target "historical" malware.

In fact, as explained here in the Research Center, malware samples older than 3 months are not targeted:

 

 

Such malware falls under the purview of the anti-virus/internet security programs, with their much larger databases.

 

>>Having said that, if you have samples of possible malware for possible inclusion in the MBAM database, please read the sticky topics here and here, and then please post the requested information in the Research Center here.

 

I'm sure our more expert forum members and staff will have some additional feedback.

 

Thanks for reporting,

 

P.S. Just to clarify a bit the information you posted at MT here: as my signature block clearly states, I am NOT a Malwarebytes staff member or forum Moderator here.  I am just a home user and forum volunteer.  Also, you omitted from that post the suggestion about submitting malware samples to the Research Team. Thanks.

Well, i'm not a malware tester on that video so obviously i don't have the samples. Also, i respect you as moderator on this forum so why not call you moderator? Ain't that make you feels good about yourself?  

[daledoc1]

Hi:
 

Well, i'm not a malware tester on that video so obviously i don't have the samples.

MBAM is specifically designed to provide layered, complementary protection against specific types of zero-hour and zero-day threats often missed by AV and IS  programs. It does not replace or substitute for such applications, as explained here.

Having said that, I am neither authorized nor qualified to address concerns about which malware samples need to be included in the database.
That is a determination only Malwarebytes Staff Members (the Research Team) can make.
Alas, without the samples, it's nearly impossible for the Malwarebytes Research Team to determine if those files ought to be included.

 

Also, i respect you as moderator on this forum so why not call you moderator? Ain't that make you feels good about yourself?

Thanks very much for the compliment.

But, no, I am not a Moderator.

With a few, very rare exceptions, only Malwarebytes employees serve here as forum Moderators or Admins.

 

Thanks again,

[David H. Lipman]

The "worms" were not defined.  Either by family, type or how they exist ( manifest ) on a computer.
 
Worms are a kind of virus that autonomously spread ( self replicate ) via high level functionality or protocols.
 
An Internet worm spreads by using network protocols such as SMTP and NNTP.
An AutoRun worm spreads by using the AutoRun/AutoPlay facility associated with Read/Write media such as Flash Drives.
 
What I saw in Task Manager was Wscript.  That is the MS Windows Script Host which is a computer language interpreter.  It was observed (and it wasn't easy as the view was fuzzy ) running in multiple instances. 
 
One may conclude ( w/o direct information ) is that the malware manifests itself in the scripted form such as Visual Basic or JavaScript. ( VBS or the encoded version VBE, JS or the encoded version JSE ).

 

Malwarebytes' Anti-Malware ( MBAM ) does not target scripted malware files.  That means MBAM will not target; JS, JSE,  PY, .HTML, VBS, VBE, WSF, .CLASS, SWF, SQL, BAT, CMD, PDF, PHP, etc.
It also does not target documents such as; PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, etc.
It also does not target media files;  MP3, WMV, JPG, GIF, etc.

 

When one performs a test it must be reproducible and all the variables must be contained and defined.  Nothing was defined in this blatantly flawed, amateur, test.

 

If a test is executed outside of the parameters of the system being tested then the test is invalid.