In certain cases, a worm might be detected heuristically. Thus, customers would have been alerted to the threat without the updates and would have been protected regardless of the times those particular updates were released. For example, in the case of Dumaru.Y, Virusbuster, Quickheal, and Ikarus were all able to detect the Dumaru.Y variant heuristically. None of the tested vendors were able to detect the MyDoom.A worm heuristically. However, it is important to consider that MyDoom.A was a completely new worm, whereas Dumaru.Y was simply a variant of an already existing worm.
Vendor response times
The following data is provided courtesy of PC-Welt magazine (http://www.pc-welt.de) and Andreas Marx, AV-Test.org (http://www.av-test.org).
For comparison purposes, the MyDoom.A worm was first seen at MessageLabs on 01/26/04 @ 13:05 GMT.
| Trend Micro | 01/26/04 @ 22:35 |
| Virusbuster | 01/26/04 @ 23:05 |
| AVG | 01/26/04 @ 23:15 |
| eTrust (CA engine) | 01/27/04 @ 00:20 |
| Sophos | 01/27/04 @ 00:40 |
| eTrust (Vet engine) | 01/27/04 @ 01:30 |
| eSafe | 01/27/04 @ 01:50 |
| RAV | 01/27/04 @ 03:10 |
| Dr. Web | 01/27/04 @ 03:10 |
| Kaspersky | 01/27/04 @ 03:35 |
| Symantec | 01/27/04 @ 03:35 |
| McAfee | 01/27/04 @ 04:00 |
| BitDefender | 01/27/04 @ 04:00 |
| QuickHeal | 01/27/04 @ 04:50 |
| Panda | 01/27/04 @ 05:00 |
| Norman | 01/27/04 @ 08:05 |
| Antivir | 01/27/04 @ 11:35 |
| F-Secure | 01/27/04 @ 12:05 |
| F-Prot | 01/27/04 @ 18:15 |
| Avast | 01/27/04 @ 16:00 |
| Command | 01/27/04 @ 17:25 |
| A2 | 01/27/04 @ 18:40 |
| Ikarus | 01/27/04 @ 08:35 |
