Jump to content

Eset - Older Malware, Detections And Virus Signature Database

Recommended Posts

Hello everyone here on the forums.

ESET staff.

Future visitors.


This topic will be very interesting to say the least.

Recently i have discovered a few old CD's from back in the days when i was getting involved in application development.

We are talking almost 20 years ago.

I fired up my VM, inserted the CD's and began my nostalgic trip down memory lane.

What i discovered i had, was astonishing, and i was surprised i still had them. 9000 + samples of old viruses, Trojans, and the like.


I wanted the chance to see what ESET thought of all these nasty files on my system.

I proceeded to run a scan.


To start with here are some of the pictures i took:






My plan in the coming days is to sort through all the files and mess, to find and separate the win32(32-bit) applications from the MS-DOS and 16bit or lower level language created files. Which are completely useless now days because they won't even run on the newer systems, Not even on XP even. You would need windows 98-95 and older.

I am interested to see how they are going to act with NEWER security products installed. We need to make sure not to have these removed from ESET's db if they still work.


A few points here to make.

  1. These are not in the wild.
  2. These files will not be re-introduced into the wild.
  3. They will never leave my VM. There is absolutely no reason at all anyone could come up with for them to cause an exodus.
  4. ESET is detecting most of these and i am extremely impressed and hope ESET detects them for as long as the company remains in business.


Let us cover a few more points.

  • Newer security companies will most likely not have these detections in their database. They started up after the year 2000+
  • If a few of these viruses were to be used or ran on workstations having newer security companies, the malware might just complete its task successfully.
  • The malware would work especially if these newer products don't have strong heuristics and behavior analysis built in.


Lastly i want to quote a friend that would probably say this better than i could.

The best option to check for active malware in the wild is to go to Microsoft Protection Center and search their Malware Encyclopedia.
If the threat is not listed then it is not active in the wild, only available on remote domains for manual download.

I have done a lot of research and found that Microsoft only detects malware in the wild, so you can bet if Microsoft doesn't detect a threat it is usually remote or a zero-day. Microsoft has the largest malware research center in the world partnered with most other AV vendors to stop the spread of malware. Unlike many other AV vendors who keep old detections and detections of remote threats, Microsoft only focuses on malware which is widely available for accidental downloads. They remove all malware databases after 90 days of no reported infections but most other AV vendors keep their databases much longer because it will look better on AV testing.

These malware hosting domains give bad testing results because they do not make sure that the malware is active in the wild before uploading them for testing. The best samples only come from infected websites that have the source. Once the infected sites are shutdown the malware becomes dead and there is no reason for any AV to detect them since they are no longer available for accidental downloads.

-Littlebits (Malwaretips.com)


However to some extent i have to agree to disagree for some small points and to some degree, for the very fact that; If these viruses can still cause damage, who is to stop someone malicious in nature from obtaining this older malware, reconstructing or re-inventing, or simply trying to distribute. If only the older antivirus companies like ESET , Symantec, McAfee can detect these, then all the newer companies will fail their end users and customers because either A. They do not detect these because they are too old. or B. They removed them from the database simply because they aren't in the wild.


Stay tuned for results as i continue to evaluate and have fun with these older files.

This is for learning and entertainment purposes only.

I encourage all comments, discussions, thoughts, and follows.

Edited by Arakasi
Link to comment
Share on other sites

Yeah stuff like this is always interesting! Considering that vendors have different opinions when it comes to detect or not detect old malware samples.

Edited by SweX
Link to comment
Share on other sites

What we have left. Scanned :P




Next up, coming soon, attempt to execute and launch. :)

if they even launch. :lol:



Later on, Uninstall ESET, Install other security products. Will pick between 5 & 10 of the most common.



Edited by Arakasi
Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...