Malware used in testing
Current sample count: 420
Test malware used, sorted by release year, Mac specific:
List shows the malware name and most common names used by antivirus companies. This list is a mix of malware, spyware, adware etc.
2004
– Renepo / Opener (SH.Renepo.A) (OSX/Opener-B)
2005
– Weapox
– Tetracycle
2006
– Exploit.OSX.Safari / OSX.Exploit.Metadata (OSX.Exploit.MetaData)
– Leap (OSX/Leap.A)
– Inqtana (OSX.Inqtana.A) (Also .B and .C)
– Macarena (OSX/Macarena)
– OSX.Exploit.Launchd
2007
– Jahlav / RSPlug / DNSChanger (OSX/Jahlav-C) (Trojan:OSC/DNSChanger.GEN) (OSX.RSPlug.A)
– BadBunny (SB/BadBunny-A)
2008
– Milw0rm / Exploit.VLC.A
– MacSweeper / Imunizator (Troj/MacSwp-C) (OSX/MacSweeper) (Troj/MacSwp-E)
– Hovdy / AsTHT (OSX/Hovdy-A) (OSX/AsTHT.A)
– PokerStealer / CorPref (OSX/PokerStlr-A) (OSX/PWS-Corpref)
2009
– iServices / iWorm / Krowi (OSX.Iservice) (OSX/iWorkS-A) (OSX.iWorm.A)
– Baoba (RiskTool.OSX.Baoba) (Riskware:OSX/ABKeylogger)
2010
– Boonana (trojan.osx.boonana.a)
– Koobface (OSX/Koobface.A)
– OpinionSpy / Spynion (OSX/OpinionSpy) (OSX/Spynion)
– HellRTS / HellRaiser (OSX/HellRTS.D) (OSX.HellRTS) (Backdoor.OSX.Reshe.a)
2011
– MacDefender / MacProtector / MacSecurity / MacShield / MacGuard (‘OSX/FakeAvDl-A’) (OSX/FakeAV-A)
– Revir / iMuler (Trojan:OSX/Imuler.D) (OSX.Revir)
– FlashBack / FlashFake (OSX/Flshplyr-A) (Flashback.G) (OSX.Flashback) (OSX/Flashfake.f)
– DevilRobber (OSX/DevilRobber.A) (OSX/Miner-D) (Trojan.OSX.Miner.c)
2012
– MacControl / MacKontrol / MaControl / Tibet (Tibet.C) (Backdoor.OSX.MaControl.b) (Backdoor:OSX/MacKontrol.A)
– Sabpab / Sabpub / Olyx / MDropper / Lamadai / Lasyr (OSX/Lamadai.A) (OSX/Olyx.A) (Backdoor.OSX.SabPub.a)
– FkCodec/Codec-M (OSX/FkCodec-A)
– Maljava (Trojan.Maljava) (Trojan.Dropper) (Backdoor.Trojan)
– GetShell (OSX/GetShell.A)
– Crisis / Morcut / DaVinci (OSX/Crisis) (OSX.Morcut.a)
– Netweird (OSX/NetWeirdRC)
– Jacksbot (Java/Jacksbot.A)
– Dockster (OSX/Dockster.A)
– SMSSend (Trojan.SMSSend.3666)
– Rubilyn
2013
– CallMe (OSX/CallMe.A) (CVE-2009-0563.A)
– Pintsized (OSX/Pintsized.A)
– Okaz (OSX/Okaz.A)
– OSX/KitM.A
– Yontoo
– Genieo
– Janicab
– ClickAgent
– Leverage
– IceFog
– ClickAgent
– Crisis.B
– Gophoto.it
2014
– Crisis.C
– LaoShu.A
– Careto / Mask
– CoinThief
– NetWeird / WireNet
– VSearch
– Downlite
Misc malware:
Several keyloggers.
Test file:
EICAR test file (http://en.wikipedia.org/wiki/EICAR_test_file) (‘EICAR-AV-Test’)
New sample testing:
Though sooner is better, we allow for a 48 hour window since new malware is discovered and verified before we test all applications against these samples.