Subject: [Full-disclosure] AV Reaction Times of the latest MS05-039-based Worm Attacks
Date: Wed, 24 Aug 2005 14:06:21 +0200

Hello!

You can find the information on how fast the AV companies have reacted with a
solution against Bozari.A/B, Drudgebot.B, IRCBot!Var and Zotob.A/B in an Excel
sheet (18 KB ZIP file) which is available at <http://www.av-test.org>.
Furthermore, we have checked how many AV products haven't required an update in
order to deal with these threats.

We have covered the following worms and variants:
- Win32/Bozari.A (10 outbreak reports)
- Win32/Bozari.B (1 outbreak report)
- Win32/Drudgebot.B (3 outbreak reports)
- Win32/IRCBot!Var (2 outbreak reports)
- Win32/Zotob.A (4 outbreak reports)
- Win32/Zotob.B (3 outbreak reports)

We used the following rules for the formatting (XLS sheet):
- Italic font = proactive/heuristic detection (in general: a detection without 
updates)
- Bold font = first detection (first name) of the worm
- Normal font = subsequent names used for the worm (e.g. second name, third 
name...)

Two magazine reviews have been published which are based on this data:
- PC Magazine - heuristic test results: 
<http://www.pcmag.com/article2/0,1895,1850847,00.asp>
- PC WELT (Germany) - response times: 
<http://www.pcwelt.de/news/sicherheit/118264/index.html>

Of course, we know that the problem related to MS05-039 is not primarily an AV
problem, but something for (Personal) Firewalls, IDS/IPS systems and a better
patch management. :-)

cheers,
Andreas Marx
CEO, AV-Test.org
http://www.av-test.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
