Survey: What AV or HIPS last detected a zero-day malware/virus for you?

Discussion in 'other anti-virus software' started by altruist, Feb 14, 2011.

Thread Status:
Not open for further replies.
  1. altruist

    altruist Registered Member

    Joined:
    Feb 13, 2008
    Posts:
    25
    To define a concrete criteria for zero-day here,

    zero-day malware/virus: a malware/virus that, at the time, wasn't detected by over 70% of popular AVs (as defined by jotti/virustotal/virscan)

    Usually when knowledge of a virus gets out, it circulates around to the AV vendors and makes its way into the majority of signature databases. However, there is often a period of time where it has been recently released and it can be recognized by nothing, or by only a few AV programs.

    Have you had this happen to you? If so, the last time you can remember it happening, which AV detected it?

    Please specify:
    1. The AVs that were capable of detecting the virus/malware.
    2. Approximate time you stumbled upon it, as accurately as you can remember. If you can't remember specifics, just specify a range like "Q4 2010" or "2009-2010".
     
    Last edited: Feb 16, 2011
  2. Narxis

    Narxis Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    477
    Norton, reputation technology.
     
  3. altruist

    altruist Registered Member

    Joined:
    Feb 13, 2008
    Posts:
    25
    For me, the last threat my current AV failed to detect; details below. No other AV picked it up.

    1. Authentium / F-Prot (source: virustotal.com)
    2. October 2010.
     
  4. Rampastein

    Rampastein Registered Member

    Joined:
    Oct 16, 2009
    Posts:
    290
    1. Kaspersky (by Proactive Defense/BB)
    2. Q2 2010
     
  5. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    None, I rarely get infected, I'm just overly paranoid :D
     
  6. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    That part makes me want to worry. :D
     
  7. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    1) IBM Antivirus
    2) Mid-90s.
     
  8. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Why dude :D
    Really, I'm very picky about what I download :D (And common sense does wonders ;))

    I don't even remember the last time I really got infected, but the last time I downloaded content with malware was like 2 months ago (That's not an infection :D, I scanned it as a precaution and it was malware, so - *Delete Key*)
     
  9. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I personally think there are more "zero day" vulnerabilities in software than there are viruses/malware. In all my time of P2P, watching online video, surfing sites, I honestly cannot remember ever seeing a "zero day". Luck, perhaps, but I feel that it's more hype and FUD than a genuine, huge threat to the general population. You boys and girls that play in the dirtier playgrounds (meaning malware test sites) likely see a lot of theoretical "doomsday devices", but out here on the general web, there just isn't that much to get excited about.

    I'm sure that disappoints the likes of Symantec, McAfee, and the others blaring the red alert sirens, but it is what it is. My last true infection was years ago. I'm like Noob, I see infected downloads quite often, but I delete the silly little nuisances and go about my business.
     
  10. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    +1 DW426

    I've never seen 0-day malware either :rolleyes:
    But I have seen my friends get infected with TDSS rootkits, bankers and a HUNDRED more xD
     
  11. Blueshoes

    Blueshoes Registered Member

    Joined:
    Feb 13, 2010
    Posts:
    220
    Mac/Unix 0-day. Had Intego VirusBarrier X4 at the time. It called out that it caught a "Unix Arc Bomb Trojan" on Zyxel's site; I repaired it. But every 5 mins it started to download payloads and I would stop and repair, but every 5 mins it would want another payload. Even after a reboot, just like clockwork, every 5 mins another download. I had a clone from the week before so I re-imaged. I emailed Zyxel's webmaster about it and sent my logs, and their site went down for 2.5 days, 3 hours after I sent the info. That was 2.5 to 3 years ago.
     
  12. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Both Eset and Prevx have.
     
  13. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,285
    I've never been hit by a 0-day.
     
  14. Cloudcroft

    Cloudcroft Registered Member

    Joined:
    Feb 29, 2004
    Posts:
    433
    Location:
    The Hill Country of Texas
    Same here, knock on wood.
     
  15. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    So, unlike you, their systems get frequently infected? (Just messing with you! ;))

    Sad reality, unfortunately.
     
  16. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    No zero-day crap here. I mainly use VirtualBox for my school work and when I am not doing school work I am here at Wilders rofl.. no zero-day zero-hour thing came even close to me :D :argh:
     
  17. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Yes, they get infected more than frequently . . . Sadly, and it's all my FREE HOURS of work troubleshooting and repairing for FREE o_O

    Pr0n viruses, TDSS, like 200 more trojans found with EAM (around 150 were duplicates) and a lot more malware.
    What a machine, at least it was still running and they used it for chatting, Facebook etc. Hahahaha :D

    Anyways, luckily nothing has happened to me . . . yet. :D
    And now with all my paranoid mind :rolleyes:
     
  18. gazs1

    gazs1 Registered Member

    Joined:
    Jan 18, 2010
    Posts:
    39
    I'm the same, mate, always cleaning friends' mess-ups for free, mostly rogues. I tell them to use Sandboxie when they surf but they just can't be bothered. Some people will never learn!!
     
  19. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    My question is, how would someone know if the infection was a zero day, if their AV found it?
     
  20. cgeek

    cgeek Registered Member

    Joined:
    Mar 31, 2010
    Posts:
    328
    +1 :thumb:
     
  21. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,285
    LOL. :D but true, that's the magic about such crap. I personally don't believe that much in this 0-day FUD, for me an infection is just that... an infection. Call it 0-day, 1-day, 1-week, 1-year.
     
  22. Kernelwars

    Kernelwars Registered Member

    Joined:
    Aug 12, 2010
    Posts:
    2,155
    Location:
    TX
    Indeed, my good friend :D
     
  23. Nevis

    Nevis Registered Member

    Joined:
    Aug 28, 2010
    Posts:
    786
    Location:
    255.255.255.255
    Yeah, I intentionally downloaded a FUD for some inspection, but Norton detected it through SONAR or reputation.
     
  24. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    LOL, this reminds me of something that happened to me like 8-10 months ago repairing my friend's laptop.
    After I cleaned his laptop (nothing serious).
    Previously he had PCAV 1.1, but he wasn't connected to the internet all the time and he plugged in lots of USBs from school. So I decided to install Avast! v5 for him; after installing it, I decided to play around with a lame Koobface worm and guess what . . . it got right through :eek:

    Hahahaha, he was right behind me, he said "Nothing Happened". I scanned it and nothing. So I ended up installing EAM CMD to clean it hahahahaha, what a mess :D
     
  25. altruist

    altruist Registered Member

    Joined:
    Feb 13, 2008
    Posts:
    25
    What is EMD CMD?
     