VX Heaven

Bibliothek Sammlung Quellcodes Engines Konstruktoren Simulatoren Zusatzprogramme Links Forum

More or less frequently asked questions

Q. Why are all the virus creation programs infected with viruses themselves?

A. Let see what is "infected" and why.

$ kavscanner -C kav4unix.conf in/
Kaspersky Anti-Virus On-Demand Scanner for Linux.
Version 5.5.3/RELEASE build #100, compiled Jul 27 2005, 15:36:21
Copyright (C) Kaspersky Lab, 1997-2005.
Portions Copyright (C) Lan Crypto
There are 173859 records loaded, the latest update 30-03-2006
Config file: kav4unix.conf
.../in/ Archive ZIP
.../in/ INFECTED Constructor.DOS.BW.100                 (1)
.../in/ Archive ZIP
.../in/ INFECTED Virus.DOS.BW-based      (2)
.../in/ INFECTED Virus.DOS.BW-based
.../in/ INFECTED Virus.DOS.PS-MPC-based
  1. Note that the file BW.COM detected as "Constructor" not as virus
  2. The archive contains ready to use samples of the viruses and they detected as such

What avers say about VCKs:

Constructors and VirTools

Virus writers use constructor utilities to create new malicious programs and Trojans. It is known that constructors to create macro-viruses and viruses for Windows are in existence. Constructors can be used to generate virus source code, object modules and infected files.

Some constructors come with a user interface where the virus type, objects to attack, encryption options, protection against debuggers and dissasemblers, text strings, multimedia effects etc. can be chosen from a menu. Less complex constructors have no interface, and read information about the type of virus to be built from the configuration file.

VirTools are all utilites created to simplify virus writing. They can also be used to analyze viruses to see how they can be used in hacking attacks.

Also the constructor may contain the parts of the viruses inside. Nobody wants to infect you, but if you are unsure or do not trust me then just stay away from viruses and from this site, and hopefully all will be right.

Q. How to download the enire virus collection?

A. The collection (build date 2007-09-14) as single archive is available in BitTorrent. You may get the .torrent file here.

Why,Why,Why you can't test your AV with VX Heaven virus collection

Or how you can save a lot of time and bandwidth and avoid to be fooled by meaningless numbers.

What would likely to "win"?

You should not bother to make a test to know who will win, I tell you, I bet it will be:

  1. With 100% detection rate. KAV 5.5.18/Linux (databases 11/12/2006 - the last time the collection was updated)
  2. KAV for Linux (with newer databases)
  3. KAV any version
  4. The rest of anti-viruses will start here

Why? Because KAV was used to sort the collection. If you can't understand this, you better stop messing up with viruses and get a life.

Your test will show nothing

What are you going to test? The reaction of the product to the infected sample? You better use EICAR test file. The "real" detection rate? You should carefully collect the samples of ITW creatures. You must scrutinely check each sample to be sure that it is not corrupted; that it is able to work; that it's not a ten lines long script file from 20 which are a creature as a whole, not by parts; that's not a dump of a boot virus etc etc etc Did you? Or you just downloaded ten corrupted MS-DOS boot viruses from, run XXX against it and crying that XXX is is shit because it failed the "anti-virus test"? Go on with you!

What are you going to test

OOLCAY. You did the test and you know now that XXX and YYY has 87% and 84% detection rates respectively. What are you going to do with the above numbers? Will it show how easily you can install and support XXX on a thousand machines? How competent the members of the support team are? How often updates released? Hardware and software requirements? The cost of the product and support? And more general question: what do you need? Anti-virus? To be sure (with some degree) that you have no viruses on your machine? Or to be sure that your data is safe and you work will not be interrupted? If you choose the last option, I will tell you that anti-virus is the last thing you should think about (personally I do not use anti-viruses at all, with exception for making the collection).

Save our bandwidth. Leave the tests to those who (probably) know what they are doing and why.

By accessing, viewing, downloading or otherwise using this content you agree to be bound by the Terms of Use! aka