lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <582652932@web.de>
Date: Wed Aug 24 14:15:51 2005
From: gega-it at web.de (Andreas Marx)
Subject: AV Reaction Times of the latest MS05-039-based
	Worm Attacks


Hello!

You can find the information how fast the AV companies have reacted with a solution against Bozari.A/B, Drudgebot.B, IRCBot!Var and Zotob.A/B in an Excel sheet (18 KB ZIP file) which is available at <http://www.av-test.org>. Furthermore we have checked how many AV products havn't required an update in order to deal with these threats.  

We have covered the following worms and variants:
- Win32/Bozari.A (10 outbreak reports)
- Win32/Bozari.B (1 outbreak report)
- Win32/Drudgebot.B (3 outbreak reports)
- Win32/IRCBot!Var (2 outbreak reports)
- Win32/Zotob.A (4 outbreak reports)
- Win32/Zotob.B (3 outbreak reports)

We used the following rules for the formatting (XLS sheet):
- Italic font = proactive/heuristic detection (in general: a detection without updates)
- Bold font = first detection (first name) of the worm
- Normal font = subsequent names used for the worm (e.g. second name, third name...)

Two magazine reviews have been published which are based on this data:
- PC Magazine - heuristic test results: <http://www.pcmag.com/article2/0,1895,1850847,00.asp>
- PC WELT (Germany) - response times: <http://www.pcwelt.de/news/sicherheit/118264/index.html>

Of course, we know that the problem related to MS05-039 is not primary an AV problem, but something for (Personal) Firewalls, IDS/IPS systems and a better patch management. :-)

cheers,
Andreas Marx
CEO, AV-Test.org
http://www.av-test.org

_________________________________________________________________________
Mit der Gruppen-SMS von WEB.DE FreeMail k?nnen Sie eine SMS an alle 
Freunde gleichzeitig schicken: http://freemail.web.de/features/?mc=021179

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ