Anti-Virus Vendors Struggle To Keep Up With Attacks


At 5:07 p.m. on Dec. 21, 2004—almost a year ago to the day—the Santy worm surfaced in Moscow. It arrived at Kaspersky Lab in an E-mail message and was immediately assessed, categorized, and routed to a virus analyst.

At 5:14 p.m., after dissecting the worm with a software disassembler and various proprietary code-analysis tools, the virus analyst understood enough to generate the binary signature that Kaspersky's antivirus software would use to block the malware.

At 5:18 p.m., the signature was complete. It was submitted to a bank of some 30 computers to be tested on various operating systems and checked against a database of software and security fixes for compatibility, to make sure the cure wasn't as damaging as the disease.

Security Pipeline | Anti-Virus Vendors Struggle To Keep Up With Attacks

Linked by shanmuga Friday, 9th December 2005 9:32PM