Friday December 5, 2008 7:33 PM AEST

SC Magazine Australia/NZ > News > Vulnerabilities & Exploits > Malware > Virus authors 'pack' malware to avoid detection

Vulnerability Alerts

SANS

Microsoft

Microsoft Security Bulletin Advance Notification for December 2008
MS07-068 - Critical: Vulnerability in Windows Media File Format Could Allow Remote Code Execution (941569 and 944275) - Version:2.3

CERT/CC

Latest Comments

"Excellent info. If you use Gumtree Australia you will see many obvious scam posts in all ..."

on Scammers target online car buyers, warns ACCC

by Marian Imrie | Dec 5, 2008 4:45 PM

"Very nice and useful information. UT4B4. Tape4backup.com"

on Weighing the options for securing back-up data

by Lto-4 Tape | Dec 4, 2008 9:23 PM

"Interesting that you do not bother to list the one AV that has consistently passed the VB100. ..."

on Latest VB100 malware test brings good news

by Ben | Dec 4, 2008 6:00 PM

"I like this"

on AVG update deletes critical Windows file

by nanwin | Dec 3, 2008 3:05 PM

"Concerned man's comments seem to intimate that if I'm using agents all will be well but the ..."

on Shavlik Technologies to broaden its patch management offerings

by Werner K | Nov 26, 2008 8:36 PM

Malware

Virus authors 'pack' malware to avoid detection

By Clement James
Mar 3, 2008 9:56 AM
Tags: Virus | malware | detection

However, the company said that all the threats in its Top 10 Malware List for February used the same packing method to obfuscate the payload.

"Virus writers use packers to decrease the size of the virus and to increase the cost of analysis," said Sorin Dudea, head of BitDefender AV Research.

"Unpacking something packed in an as-yet unknown manner takes a lot of time and skill."

Malware using this single packing method accounted for 37.02 percent of all detections in February.

The Peed/Storm Trojan dominated the list at 16.88 percent of total detections for the month. This was a strong resurgence given the Trojan's absence from the January list.

The proliferation of the Windows WMF vulnerability appeared to decrease during the month, as viruses using its signature accounted for only 5.33 percent of total detections.

Lower on the list are a host of much older mass mailer viruses, which Dudea described as "on their way to irrelevancy".

These viruses account for approximately six per cent of total detections, more than half of which are a result of Netsky.P.

"By this point, I think it is safe to say that Netsky.P is the most widespread mass mailer virus of all time," said Dudea.

Ads by Google

Thoughts on this article? Add a comment below.

Be the first to comment on this article.

Report this comment as offensive:

* Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.

Name:

Email:

(will not be displayed)

Comment:

(HTML not permitted)

Validation

Enter the code you see below:

Most Read
Most Discussed
Latest News

Vulnerabilities & Exploits Whitepapers

Virus authors 'pack' malware to avoid detection

Sponsored Links

SC MAGAZINE SITEMAP

CATEGORIES

News

Alerts

Products

Stats

Blogs

Photo Galleries

Whitepapers

Events

Jobs

Downloads

Vulnerabilities & Exploits

Breaches & Exposures

Messaging

Mobile

Access Control

Biometrics & Forensics

Legal

Risk Management

Job Centre

Patch Management