Full Disclosure mailing list archives

AV Reaction Times of the latest MS05-039-based Worm Attacks


From: Andreas Marx <gega-it () web de>
Date: Wed, 24 Aug 2005 14:06:21 +0200


Hello!

You can find the information on how fast the AV companies have reacted with a solution against Bozari.A/B, Drudgebot.B, 
IRCBot!Var and Zotob.A/B in an Excel sheet (18 KB ZIP file) which is available at <http://www.av-test.org>. Furthermore, 
we have checked how many AV products haven't required an update in order to deal with these threats.

We have covered the following worms and variants:
- Win32/Bozari.A (10 outbreak reports)
- Win32/Bozari.B (1 outbreak report)
- Win32/Drudgebot.B (3 outbreak reports)
- Win32/IRCBot!Var (2 outbreak reports)
- Win32/Zotob.A (4 outbreak reports)
- Win32/Zotob.B (3 outbreak reports)

We used the following rules for the formatting (XLS sheet):
- Italic font = proactive/heuristic detection (in general: a detection without updates)
- Bold font = first detection (first name) of the worm
- Normal font = subsequent names used for the worm (e.g. second name, third name...)

Two magazine reviews have been published which are based on this data:
- PC Magazine - heuristic test results: <http://www.pcmag.com/article2/0,1895,1850847,00.asp>
- PC WELT (Germany) - response times: <http://www.pcwelt.de/news/sicherheit/118264/index.html>

Of course, we know that the problem related to MS05-039 is not primarily an AV problem, but something for (Personal) 
Firewalls, IDS/IPS systems and a better patch management. :-)

cheers,
Andreas Marx
CEO, AV-Test.org
http://www.av-test.org




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

