The WildList is dead, long live the WildList!

Andreas Marx, Frank Dessmann

  download slides (PDF)

For a very long time, the WildList was the accepted standard for all kind of anti-malware software tests. However, today's real challenges - like targeted attacks and zero-day exploits, as well as adware and spyware - are not covered by the WildList. Traditionally, the WildList only focuses on self-replicating malware such as viruses and worms, but in today's world, these malware types have almost died out and have been replaced by Trojan horses with keyloggers and options to steal PIN and TAN codes for online banking. (The malware world has gone commercial and some of the bad guys are making more money than traditional AV companies!) Besides this, the WildList is usually published 2 to 3 months after the reporting month, so it's outdated when released.

This paper will focus on current problems of the WildList and suggests methods to increase the usefulness of the WildList again, to ensure that not only all today's malware types are covered, but also that the WildList will always be up to date when published on a more regular basis. This includes an analysis of all required processes, better reporting methods and automatisms which must be used to avoid delays in publication.


We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.