40+ av scanners miss flash exploit

stevepas

Virustotal uses 43 different av scanners,
they all missed this recent one. (march 2011)

this is the reference for the adobe exploit 'cve-2011-0609' and there is a very detailed report on FireEye.

(I can't post the link yet, not enough posts)

I like a layered approach just in case you might run into a nasty like this one.

waddler_8

A bit misleading....

It refers to the payload of a flash exploit from back in March. The exploit vulnerability has since been fixed & Adobe flash has been updated many times since then even - It's now on version 11.0.1.152

http://get.adobe.com/flashplayer/


The VT report for the payload at the time of the blog post showed there was a more up to date report that showed 7/43 detecting it, not zero as claimed. That is now 37/43

http://www.virustotal.com/file-scan/report.html?id=62db3743cc62c66a4b8806d8fe23966472b9841b7d91e9025f474990bd88cc89-1311806866

stevepas

Perhaps I should have been clearer about the reason why I posted this item?

'A good example of why it isn't a good idea to rely soley on AV for security.'

The liklyhood there will be something similar to this exploit is high.

At the time of first detection, according to the article no scanner detected it.

The article reads as of the 15 march it was zero detection.
The screen shot showed, looks like it was taken at a later date when detection was 7, (still low)

This looks like a scan that has been saved at VT and re-opened at a later date when detection has improved, hence the note about 'up to date report, 7/43'

Agreed, the article could have been a bit clearer.

To summarize,
You can't get a more classic example of the need for a layered approach.