A test of 7 commonly used anti-virus programs shows that just 1 detected malware variants that exploited the IE vulnerability used in the Aurora attacks which affected Google, Adobe and other US companies. These attacks are no longer “new” news, so one would expect that there would be signatures for these malware variants by now.
NSS Labs, the company that performed the tests, said vendors need to put more focus on the vulnerability than on exploit protection. Threat detection and mitigation need to evolve to meet the challenge of emerging attacks. Software vendors need to shoulder their share of the security burden.