Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Re[2]: [Full-disclosure] test this

from [Valdis Shkesters] Network Security [Permanent Link]
Subject: Re: Re[2]: [Full-disclosure] test this
Date: Thu, 29 Dec 2005 18:04:54 +0200
Anti-virus researcher Andreas Marx of Av-Test.org has concluded an annual round of testing to see how well the various anti-virus programs responded to recent outbreaks of viruses and worms. The results appear to show that while the major anti-virus products are still having trouble keeping up with the massive glut of new malware, most are starting to do a better job.

Marx measured how quickly the anti-virus products responded with updates enabling them to detect variants of the largest 16 Windows worm outbreaks of 2005, including "Bagle," "Bobax," "Bropia," "Fatso," "Kelvir," "Mydoom," "Mytob," "Sober" and "Wurmark."

Average Response Time -- Product Name
Between 0 and 2 hours------>Kaspersky
Between 2 and 4 hours------>BitDefender, Dr. Web, F-Secure, Norman, Sophos
Between 4 and 6 hours------>AntiVir, Command, Ikarus, Trend Micro
Between 6 and 8 hours------>F-Prot, Panda
Between 8 and 10 hours----->AVG, Avast, eTrust-INO, McAfee, VirusBuster Between 10 and 12 hours---->Symantec Between 12 and 14 hours---->[none] Between 14 and 16 hours---->[none] Between 16 and 18 hours---->[none] Between 18 and 20 hours---->eTrust-VET
More than 20 hours----------->[none]

....

http://blogs.washingtonpost.com/securityfix/2005/12/antivirus_resea.html


----- Original Message ----- From: "Todd Towles" <toddtowles@brookshires.com>
To: "Thierry Zoller" <Thierry@Zoller.lu>
Cc: <full-disclosure@lists.grok.org.uk>
Sent: Thursday, December 29, 2005 4:22 PM
Subject: RE: Re[2]: [Full-disclosure] test this


Got a new test of it this morning? I am surprised Norton doesn't have it
yet.

TrendMicro has released pattern file = 3.135.00

It appears to pick up all the trojans using the WMF exploit as of right
now. Variants could affect this however.

Is this buffer overflow pretty specific like the older GIF exploit? If I
remember correctly, there were really only two ways to make the GIF
exploit work, so the detection was pretty solid. Is this exploit
similar? Or does it have some trick point that could be used to fool
known sigs?

-Todd
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Full-disclosure] test this, Todd Towles
Next by Date:  RE: Re[2]: [Full-disclosure] test this, Todd Towles
Previous by Thread:  Re: [Full-disclosure] test this, ad@heapoverflow.com
Next by Thread:  RE: Re[2]: [Full-disclosure] test this, Peter Ferrie
Indexes:  [Date] [Thread] [Top] [All Lists]