The WildList is dead, long live the WildList! presented at Virus Bulletin 2007

by Andreas Marx (,


Summary : "For a very long time, the WildList was the accepted standard for all kind of anti-malware software tests. However,
today's real challenges - like targeted attacks and zero-day exploits, as well as adware and spyware - are not covered
by the WildList. Traditionally, the WildList only focuses on self-replicating malware such as viruses and worms, but
in today's world, these malware types have almost died out and have been replaced by Trojan horses with keyloggers and
options to steal PIN and TAN codes for online banking. (The malware world has gone
commercial and some of the bad guys are making more money than traditional AV companies!) Besides this, the WildList
is usually published 2 to 3 months after the reporting month, so it's outdated when released.This paper will focus on current problems of the WildList and suggests methods to increase the usefulness of the
WildList again, to ensure that not only all today's malware types are covered, but also that the WildList will always
be up to date when published on a more regular basis. This includes an analysis of all required processes, better
reporting methods and automatisms which must be used to avoid delays in publication. "