Skip to content

wicar/wicar.github.io

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
about
about
 
 
contact
contact
 
 
resources
resources
 
 
results
results
 
 
sitemap
sitemap
 
 
.gitignore
.gitignore
 
 
CNAME
CNAME
 
 
README.md
README.md
 
 
favicon.ico
favicon.ico
 
 
index.html
index.html
 
 
logo.gif
logo.gif
 
 
main.css
main.css
 
 
malware.png
malware.png
 
 
robots.txt
robots.txt
 
 
wicar.org-malware.avi
wicar.org-malware.avi
 
 

Repository files navigation

wicar.github.io

wicar.org anti-malware test URL content - http://wicar.org/ - info@wicar.org

To join our mailing list, send a blank email to wicar+subscribe@groupgroups.com.

To post a message to the mailing list, use wicar@googlegroups.com as the recipient.

The wicar.org website was created by Patrick Webster and sponsored by OSI Security. If you like the idea and wish to get involved, want to see a particular exploit, or have any other queries please get in touch.

Test Your Anti-Malware Solution!

Introduction

The wicar.org website was designed to test the correct operation your anti-virus / anti-malware software.

The name "WICAR" is derived from the industry standard EICAR anti-virus test file, which is a non-dangerous file that all anti-virus products flag as a real virus and quaratine or act upon as such. By being able to execute a test virus program safely, the end user or network administrator can ensure that the anti-virus software is correctly operating (without utilising a real virus which may damage the system should the anti-virus software fail to function). How it works

When you visit a malicious website, a number of actions may occur:

  1. A search result in Google may mark the result with the message "This website may harm your computer" and prevent you from visiting the address.
  2. The web browser, such as Internet Explorer, Firefox and Chrome, maintain their own list of known malware sites and will prevent or warn you from accessing the site.
  3. If you are protected by an inline website filtering appliance, application layer inspecting firewall or proxy server, such as those commonly deployed in corporate environments, the solution will block access to the website.
  4. If you have desktop based anti-virus / anti-malware software installed, they often include technology which will flag malicious URLs and block them.
  5. Finally, if you have none of the above, it is likely you are now infected with malware.

Why?

There is not a standardised URL to test your anti-malware solution. Some browsers offer test malware pages, however they are not universal. Each anti-virus vendor has different detection mechanisms and independent lists of known malware sites. The wicar.org website contains actual browser exploits, therefore, regardless of search engine, web browser, filtering appliance or desktop anti-virus product you use, it should be marked as malicious.

All malware is hosted at: http://malware.wicar.org/, which is the correct address that should be blocked by anti-malware solutions (not this site).

The browser exploits were generated using the Metasploit Framework, with a payload to execute the Windows Calculator (calc.exe). Exploits for other operating systems may be provided at a later date.

Oh, and we used the 'W' in WICAR for World-Wide Web ;-)

About

wicar.org anti-malware test URL content

Resources

Readme
Activity
Custom properties

Stars

5 stars

Watchers

3 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Languages