The WildList is dead, long live the WildList!

Andreas Marx, Frank Dessmann


For a very long time, the WildList was the accepted standard for all kinds of anti-malware software tests. However, today's real challenges - like targeted attacks and zero-day exploits, as well as adware and spyware - are not covered by the WildList. Traditionally, the WildList has focused only on self-replicating malware such as viruses and worms, but in today's world these malware types have almost died out and have been replaced by Trojan horses with keyloggers and options to steal PIN and TAN codes for online banking. (The malware world has gone commercial and some of the bad guys are making more money than traditional AV companies!) Besides this, the WildList is usually published 2 to 3 months after the reporting month, so it is already outdated when released.

This paper focuses on current problems of the WildList and suggests methods to increase its usefulness again, to ensure not only that all of today's malware types are covered, but also that the WildList will always be up to date when published on a more regular basis. This includes an analysis of all required processes, better reporting methods and the automated mechanisms which must be used to avoid delays in publication.