Just looking for a semi current list
Hello twiggs,
short answer: There is none
Long answer:
this changes daily
it grows. But first and foremost - what would constitute an item in this list? A specific file (with a unique SHA) - literally millions, a (catchy) moniker - too abstract, something in-between? Let's start from the file end: The lowest level of aggregation is a detection, a named decision made by the scanner. Vendors use their own taxonomy; there's no standard. These taxonomies usually result in a more or less hierarchical naming scheme which doesn't reflect all relationships; in addition, the classification of an item is often based on the scanner's strategy.
Ok, enough of this jargon. A practical example: A self-decrypting malware item contains code to download "something" from pseudorandomly generated domain names, and it uses an exploit to make itself persistent. Obviously, to detect the latter two the scanner must be able a) to identify the encryption and b) to "crack" it. If the employed encryption/decryption method is sufficient evidence that it's malware - should the scanner even dig deeper? If it does, should the item be classified as a malicious downloader or a persistent threat? And if samples have been found to download some ransomware - should it rather be classified as such (note: the classification would be based on potential harm)?
Anyway - how could this list be of help to you? What if the list contains, say, CryptoCrook? As with flu shots, you can be quite sure it will protect you from the known strains it has been designed for - but you never really know that it has been, and you don't know that it would have been effective - you only know for sure when it hasn't [;)].
Christian