AMTSO, Standards, and Relevance

[I told you these links were cursed: thanks to Daniel Schatz for pointing out a further problem. Tip of the hat to Kurt Wismer for pointing out the issue on the AMTSO blog, and another to Julio Canto for alerting me to the story in the first place.]

Danny Quist posted an interesting article at Offensive Computing commenting on the “Issues involved in the “creation” of samples for testing” document published by AMTSO (the Anti-Malware Testing Standards Organization) a while ago on the AMTSO documents page. I subsequently blogged at some length on the AMTSO blog here, so I won't press the point here, but I will reiterate one essential point.

…if you’re attempting to create your own malware because you can’t get samples from other sources, the chances are that you don’t have the knowledge to create samples that represent real-world threats.

There seems to be a curse on this story as far as links are concerned: the link in the Offensive Computing post still doesn’t actually go anywhere, but the correct link to the original paper is this. Unfortunately, the link also somehow broke in the AMTSO blog, and the link to the Offensive Computing blog disappeared altogether, but they're both fixed now. I think!

Research Fellow & Director of Malware Intelligence

Author David Harley, ESET

  • Daniel Schatz

    The links in the first paragraph seem to be incorrect (e.g. javascript:void(0)/*299*/)

    • David Harley

      Ouch. Thanks, Daniel. There is definitely a digital poltergeist at work here somewhere.

Copyright © 2017 ESET, All Rights Reserved.