lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <004101c60c91$9ba682d0$150810ac@ddt2d2b883c4a1>
Date: Thu Dec 29 16:05:08 2005
From: valdis at antivirus.lv (Valdis Shkesters)
Subject: test this

Anti-virus researcher Andreas Marx of Av-Test.org has concluded 
an annual round of testing to see how well the various anti-virus 
programs responded to recent outbreaks of viruses and worms. 
The results appear to show that while the major anti-virus products 
are still having trouble keeping up with the massive glut of new malware, 
most are starting to do a better job.

Marx measured how quickly the anti-virus products responded 
with updates enabling them to detect variants of the largest 16 
Windows worm outbreaks of 2005, including "Bagle," "Bobax," 
"Bropia," "Fatso," "Kelvir," "Mydoom," "Mytob," "Sober" and "Wurmark."

Average Response Time    --   Product Name
Between 0 and 2 hours------>Kaspersky
Between 2 and 4 hours------>BitDefender, Dr. Web, F-Secure, Norman, Sophos
Between 4 and 6 hours------>AntiVir, Command, Ikarus, Trend Micro
Between 6 and 8 hours------>F-Prot, Panda
Between 8 and 10 hours----->AVG, Avast, eTrust-INO, McAfee, VirusBuster 
Between 10 and 12 hours---->Symantec 
Between 12 and 14 hours---->[none] 
Between 14 and 16 hours---->[none] 
Between 16 and 18 hours---->[none] 
Between 18 and 20 hours---->eTrust-VET
More than 20 hours----------->[none]

....

http://blogs.washingtonpost.com/securityfix/2005/12/antivirus_resea.html


----- Original Message ----- 
From: "Todd Towles" <toddtowles@...okshires.com>
To: "Thierry Zoller" <Thierry@...ler.lu>
Cc: <full-disclosure@...ts.grok.org.uk>
Sent: Thursday, December 29, 2005 4:22 PM
Subject: RE: Re[2]: [Full-disclosure] test this


Got a new test of it this morning? I am surprised Norton doesn't have it
yet.

 TrendMicro has released pattern file = 3.135.00

It appears to pick up all the trojans using the WMF exploit as of right
now. Variants could affect this however.

Is this buffer overflow pretty specific like the older GIF exploit? If I
remember correctly, there were really only two ways to make the GIF
exploit work, so the detection was pretty solid. Is this exploit
similar? Or does it have some trick point that could be used to fool
known sigs?

-Todd

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ