Comparative test of popular antiviruses from the developer of cyber weapons Hacking Team

Just the other day, the internal networks of the famous cyber weapons manufacturer Hacking Team, which was well known in certain circles, were hacked, about which they wrote in detail on Habré. As a result of the leak, about 400GB of files, including e-mail archives, financial documentation, source codes of malicious modules, and much more, got into the network. The so-called Knowledge Base was merged, in which spyware developers accumulated useful information, including the quality of the detection of their creations by various antiviruses. Given the situation, it seems that this test can be fully called "independent", because research was carried out in their own interests.




Three types of malicious load are tested - Silent (a pure malicious agent), Melt (malware in the installer of another application, for example , Firefox or uTorrent) and Exploit (exploit inside an office or other document). Testing was conducted on Windows 7, 64bit. Desktop antivirus data has 82 revisions and is current as of June 16, 2015: Green - the antivirus does not respond to the agent launching. Yellow - the agent establishes a connection with the server, but sometimes antivirus warnings may appear, or the antivirus has a non-standard configuration (i.e. the firewall is disabled). The black





- the agent cannot establish a connection to the server, but there are no antivirus warnings either, or the agent is in the antivirus blacklist.
Red - the agent cannot establish a connection to the server, antivirus warnings appear (the agent is detected as malicious).

Solider is the standard version of the agent.
Elite is an advanced version.

Also, antiviruses are tested for OSX and Android: