Survey: What AV or HIPS last detected a zero-day malware/virus for you?

Discussion in 'other anti-virus software' started by altruist, Feb 14, 2011.

Thread Status:
Not open for further replies.
  1. altruist

    altruist Registered Member

    To define concrete criteria for zero-day here,

    zero-day malware-virus: a malware/virus, that, at the time, wasn't detected by over 70% of popular AVs (as defined by jotti/virustotal/virscan)

    Usually when knowledge of a virus gets out, it circulates around to the AV vendors and makes its way into the majority of signature databases. However, there is often a period of time where it's been recently released and it can be recognized by nothing, or by only a few AV programs.

    Have you had this happen to you? If so, the last time you can remember it happening, which AV detected it?

    Please specify:
    1. The AVs that were capable of detecting the virus/malware.
    2. Approximate time you stumbled upon it, as accurate as you can remember. If you can't remember specifics, just specify a range like "Q4 2010" or "2009-2010"
     
    Last edited: Feb 16, 2011
  2. Narxis

    Narxis Registered Member

    Norton, reputation technology.
     
  3. altruist

    altruist Registered Member

    For me, the last threat my current AV failed to detect details. No other AV picked it up.

    1. Authentium / F-Prot (source: virustotal.com)
    2. October 2010.
     
  4. Rampastein

    Rampastein Registered Member

    1. Kaspersky (by Proactive Defense/BB)
    2. Q2 2010
     
  5. Noob

    Noob Registered Member

    None, i rarely get infected, i'm just overly paranoid :D
     
  6. m00nbl00d

    m00nbl00d Registered Member

    That part makes me want to worry. :D
     
  7. shadek

    shadek Registered Member

    1) IBM Antivirus
    2) Mid-90s.
     
  8. Noob

    Noob Registered Member

    Why dude :D
    Really, i'm very picky about what i download :D (And common sense does wonders ;))

    I don't even remember the last time i really got infected, but the last time i downloaded content with malware was like 2 months ago (That's not an infection :D, i scanned it for precaution and it was malware so - *Delete Key*)
     
  9. dw426

    dw426 Registered Member

    I personally think there are more "zero day" vulnerabilities in software than there are viruses/malware. In all my time of P2P, watching online video, surfing sites, I honestly cannot remember ever seeing a "zero day". Luck, perhaps, but I feel that it's more hype and FUD than a genuine, huge threat to the general population. You boys and girls that play in the dirtier playgrounds (meaning malware test sites) likely see a lot of theoretical "doomsday devices", but out here on the general web, there just isn't that much to get excited about.

    I'm sure that disappoints the likes of Symantec, McAfee, and the others blaring the red alert sirens, but it is what it is. My last true infection was years ago. I'm like Noob, I see infected downloads quite often, but I delete the silly little nuisances and go about my business.
     
  10. Noob

    Noob Registered Member

    +1 DW426

    I've never seen 0 day malware either :rolleyes:
    But i have seen my friends get infected with TDSS rootkits, bankers and a HUNDRED more xD
     
  11. Blueshoes

    Blueshoes Registered Member

    Mac/Unix 0 day. Had Intego VirusBarrier X4 at the time. It called out it caught a "Unix Arc Bomb Trojan" on Zyxel's site. I repaired it. But every 5 mins it started to download payloads and I would stop and repair, but every 5 mins it would want another payload. Even after a reboot, just like clockwork, every 5 mins another download. I had a clone from the week before so I re-imaged. I emailed Zyxel's webmaster about it and sent my logs and their site went down for 2.5 days, 3 hours after I sent the info. That was 2.5 to 3 years ago.
     
  12. trjam

    trjam Registered Member

    Both Eset and Prevx have.
     
  13. atomomega

    atomomega Registered Member

    I've never been hit by a 0-day.
     
  14. Cloudcroft

    Cloudcroft Registered Member

    Same here, knock on wood.
     
  15. m00nbl00d

    m00nbl00d Registered Member

    So, unlike you, their systems get frequently infected? (Just messing with you! ;))

    Sad reality, unfortunately.
     
  16. Kernelwars

    Kernelwars Registered Member

    no zero day crap here. i mainly use virtual box for my school work and when I am not doing school work I am here at wilders rofl.. no zero day zero hour thing came even close to me:D :argh:
     
  17. Noob

    Noob Registered Member

    Yes, they get infected more than frequently . . . Sadly, and it's all my FREE HOURS of work troubleshooting and repairing for FREE o_O

    Pr0n viruses, TDSS, like 200 trojans more found with EAM around 150 were duplicates and a lot more malware.
    What a machine, at least it was still running and they used it for chatting, facebook etc Hahahaha :D

    Anyways, luckily nothing has happened to me . . . yet. :D
    And now with all my paranoid mind :rolleyes:
     
  18. gazs1

    gazs1 Registered Member

    I'm the same mate, always cleaning friends' mess-ups for free, mostly rogues, i tell them to use sandboxie when they surf but they just can't be bothered, some people will never learn!!
     
  19. Page42

    Page42 Registered Member

    My question is, how would someone know if the infection was a zero day, if their AV found it?
     
  20. cgeek

    cgeek Registered Member

    +1 :thumb:
     
  21. atomomega

    atomomega Registered Member

    LOL. :D but true, that's the magic about such crap. I personally don't believe that much in this 0-day FUD, for me an infection is just that... an infection. Call it 0-day, 1-day, 1-week, 1-year.
     
  22. Kernelwars

    Kernelwars Registered Member

    indeed my good friend:D
     
  23. Nevis

    Nevis Registered Member

    yeah, i intentionally downloaded a FUD for some inspection but norton detected it through SONAR or reputation
     
  24. Noob

    Noob Registered Member

    LOL, this reminds me of something that happened to me like 8-10 months ago repairing my friend's laptop.
    After i cleaned his Laptop (Nothing serious).
    Previously he had PCAV 1.1, but he wasn't connected to the internet all the time and he plugged lots of USBs from school. So i decided to install him Avast! v5, after installing it, i decided to play around with a lame Koobface worm and guess what . . . it got right through :eek:

    Hahahaha, he was right behind me, he said "Nothing Happened". I scanned it and nothing. So i ended up installing EAM CMD to clean it hahahahaha, what a mess :D
     
  25. altruist

    altruist Registered Member

    What is EMD CMD?
     