Friday, 5 October 2007

0hour testing

Well, a new email came in, which looked very odd, here's the headers:

Return-Path:
Received: from 88-139-180-230.adslgp.cegetel.xxx (88-139-180-230.adslgp.cegetel.
by raq0402.keele.netcentral.co.xx (8.9.3/8.9.3) with ESMTP id JAA02419
for ; Fri, 5 Oct 2007 09:28:25 +0100
Received: from [88.139.180.230] by mx2.servershost.xxx; Fri, 5 Oct 2007 02:37:20
From: "Shirley Xxxxxxx"
Date: Fri, 5 Oct 2007 02:37:20 +0100

Here's the actual email:














So, I submitted the zip file to VirusTotal to see what the latest detection was like and then repeated the same file, at various times after that, to see roughly when vendors added detection.

Note: it's not exactly scientific, so your mileage may vary etc.

Here's the results:

As you can see, Antivir did well!






















ClamAV team did a very quick job on adding this one, still beating the big boys:











































F-Secure and F-Prot, now have detection:



















Nod32 users now covered:















Kaspersky users now covered:















For the AVG users out there, detection has now been added:

















Here's the situation on Monday morning:

No comments: