Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

In the overwhelming sea of information, access to timely, insightful and independent open-source intelligence (OSINT) analyses is crucial for maintaining the necessary situational awareness to stay on the top of emerging security threats. This blog covers trends and fads, tactics and strategies, intersecting with third-party research, speculations and real-time CYBERINT assessments, all packed with sarcastic attitude

Thursday, January 25, 2007

Testing Anti Virus Software Against Packed Malware

Very interesting idea as packed malware is something rather common these days, and as we've seen the recent use of commercial packers in the "skype trojan" malware authors are definitely aware of the concept. What the authors did was to pack the following malware using 21 different packers/software protectors - Backdoor.Win32.BO_Installer, Email-Worm.Win32.Bagle, Email-Worm.Win32.Menger, Email-Worm.Win32.Naked, Email-Worm.Win32.Swen, Worm.Win32.AimVen, Trojan-PSW.Win32.Avisa, Trojan-Clicker.Win32.Getfound, and scan them with various anti virus software to measure which ones excel at detecting packed malware. What some vendors are best at detecting others doesn't have a clue about, but the more data to back up your personal experience, the better for your decision-making.

Dancho Danchev

Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com

Dancho Danchev's Blog - Mind Streams of Information Security Knowledge

Thursday, January 25, 2007

Testing Anti Virus Software Against Packed Malware

No comments:

Post a Comment