Full Disclosure mailing list archives
Re: Re[2]: test this
From: "Valdis Shkesters" <valdis () antivirus lv>
Date: Thu, 29 Dec 2005 18:04:54 +0200
Anti-virus researcher Andreas Marx of Av-Test.org has concluded an annual round of testing to see how well the various anti-virus programs responded to recent outbreaks of viruses and worms. The results appear to show that while the major anti-virus products are still having trouble keeping up with the massive glut of new malware, most are starting to do a better job.
Marx measured how quickly the anti-virus products responded with updates enabling them to detect variants of the largest 16 Windows worm outbreaks of 2005, including "Bagle," "Bobax," "Bropia," "Fatso," "Kelvir," "Mydoom," "Mytob," "Sober" and "Wurmark."
Average Response Time -- Product Name Between 0 and 2 hours------>Kaspersky Between 2 and 4 hours------>BitDefender, Dr. Web, F-Secure, Norman, Sophos Between 4 and 6 hours------>AntiVir, Command, Ikarus, Trend Micro Between 6 and 8 hours------>F-Prot, PandaBetween 8 and 10 hours----->AVG, Avast, eTrust-INO, McAfee, VirusBuster Between 10 and 12 hours---->Symantec Between 12 and 14 hours---->[none] Between 14 and 16 hours---->[none] Between 16 and 18 hours---->[none] Between 18 and 20 hours---->eTrust-VET
More than 20 hours----------->[none] .... http://blogs.washingtonpost.com/securityfix/2005/12/antivirus_resea.html----- Original Message ----- From: "Todd Towles" <toddtowles () brookshires com>
To: "Thierry Zoller" <Thierry () Zoller lu> Cc: <full-disclosure () lists grok org uk> Sent: Thursday, December 29, 2005 4:22 PM Subject: RE: Re[2]: [Full-disclosure] test this Got a new test of it this morning? I am surprised Norton doesn't have it yet. TrendMicro has released pattern file = 3.135.00 It appears to pick up all the trojans using the WMF exploit as of right now. Variants could affect this however. Is this buffer overflow pretty specific like the older GIF exploit? If I remember correctly, there were really only two ways to make the GIF exploit work, so the detection was pretty solid. Is this exploit similar? Or does it have some trick point that could be used to fool known sigs? -Todd _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: test this, (continued)
- Re: test this José Manuel Vilariño Figueira (Dec 28)
- RE: test this Jason Bethune (Dec 28)
- Re: test this Peter Bruderer (Dec 28)
- Re: test this Matt Ostiguy (Dec 28)
- Re: test this Valdis Shkesters (Dec 28)
- Re: test this Thierry Zoller (Dec 28)
- Re[2]: test this Thierry Zoller (Dec 28)
- RE: test this Todd Towles (Dec 28)
- RE: Re[2]: test this Todd Towles (Dec 29)
- Re: test this ad () heapoverflow com (Dec 29)
- Re: Re[2]: test this Valdis Shkesters (Dec 29)
- RE: Re[2]: test this Peter Ferrie (Dec 29)
- RE: Re[2]: test this Benjamin Franz (Dec 29)
- Re: test this Michael Holstein (Dec 29)
- Re: test this José Manuel Vilariño Figueira (Dec 28)
- RE: Re[2]: test this Todd Towles (Dec 29)
- RE: test this Todd Towles (Dec 29)
- RE: Re[2]: test this Todd Towles (Dec 29)
- RE: Re[2]: test this Todd Towles (Dec 29)
- Re: test this ad () heapoverflow com (Dec 29)
- RE: Re[2]: test this Todd Towles (Dec 29)