Virus WildList gets a significant makeover and extension

According to Robert Sandilands of Commtouch, one of the many IT security organisations that assist with the list, it is provided by experts that submit virus samples on a regular basis.

The requirements for a sample to be submitted, he notes, are that it must replicate itself and must be a real sample from a real customer of the organisation concerned.

“If two or more WildList reporters submit the same sample then it will be included in the WildList for the following month. Each anti-virus company typically has one WildList reporter and I am the reporter for Commtouch”, he says in his latest security posting.

But, he adds, there is one glaring problem with the current system, and that is that it is limited solely to viruses.

“Some people will say there are other problems as well, but the other problems with the WildList are mere technicalities compared to the virus limitation. The reality is that less than 1% of malware we receive will replicate or can be called a virus”, he says.

“Please also note the distinction between virus and malware. Some malware are viruses and all viruses can be considered malware. Malware also includes backdoors, trojans, downloaders, password stealers and other categories of malicious applications that we as an industry have been dealing with for years but have not been covered by the WildList”, he adds.

In view of these limitations, he reveals that the WildList Organisation has been testing the Extended WildList, which drops the requirement that the sample replicate - “which is probably one of the most significant limitations to the existing WildList” - and significantly expands the scope of the WildList.

It will also, he says, resolve a significant number of complaints against the WildList; whilst it is still not perfect, it is important to note that there never will be a perfect test set.

As of last month, he says, the Extended WildList was formally released to testers and anti-virus companies and the extended list will now start to be used by member organisations and other interested parties.

And the good news, he concludes, is that, due to the fact that samples on the Extended WildList are not required to replicate, it is now technically significantly simpler to deal with the new list than the traditional one, something that he says marks a significant step forward.
