
Pedro Bustamante, Panda Research writes:
“In our last obfuscation study, Packer (r)evolution, we saw an increase in the use of private or customized versions of packers being developed to evade AV signature detections. As a curiosity I’ve updated the study to see how this trend is evolving. For this purpose our colleague Satur created a tool called “Detector” for advanced packer identification, which specializes in specific, generic and custom packer identification but is also able to identify file infectors, polymorphism, installers and much more. The results are pretty amazing.”
Seems like the bad guys are handling the “threat” from improved heuristics/generic signatures/behavioural analysis with a great deal of agility and style.
Writing customized packers is not something you do overnight, and you can sense that this is something the organizations behind them have spent some money on…
Out of blog time now, got to go clean up an XP Antivirus 2008 (rogue security app) infection. That motherf*cker must be repacked 500 times a day… God damn it.
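To make the "generic versus specific packer identification" distinction concrete, here is a small added example in Python. It is not Panda's Detector tool and not code from the post; it shows why a signature on known packer section names (UPX0/UPX1 and friends) stops working the moment someone rebuilds the packer with a new stub, while a generic indicator such as per-section Shannon entropy still fires on the compressed or encrypted payload. The section names, the list of "known" packer sections, the 7.0 bits/byte threshold and the sample byte strings are all constructed for the illustration.

```python
import math
import random
from collections import Counter

# Illustrative (not exhaustive) set of section names left behind by well-known packers.
# A custom or renamed packer defeats this check trivially, which is the point of the example.
KNOWN_PACKER_SECTIONS = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata", ".petite", ".MPRESS1"}

# Packed/encrypted payloads are close to uniformly random; native code and data are not.
ENTROPY_THRESHOLD = 7.0   # bits per byte, assumed cut-off for this example
MIN_SECTION_SIZE = 512    # tiny sections give noisy entropy, so ignore them


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or single-valued input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_sections(sections, threshold=ENTROPY_THRESHOLD):
    """
    sections: list of (section_name, raw_bytes) pairs, e.g. as read from a PE file.
    Returns a dict with per-section entropy, the indicators that fired, and a verdict.
    """
    result = {"sections": {}, "indicators": [], "packed": False}
    for name, raw in sections:
        h = shannon_entropy(raw)
        result["sections"][name] = round(h, 2)
        # Specific identification: a signature on the packer's own section names.
        if name in KNOWN_PACKER_SECTIONS:
            result["indicators"].append(f"known packer section name: {name}")
        # Generic identification: a large, near-random section regardless of its name.
        if len(raw) >= MIN_SECTION_SIZE and h >= threshold:
            result["indicators"].append(f"high-entropy section {name} ({h:.2f} bits/byte)")
    result["packed"] = bool(result["indicators"])
    return result


# --- constructed samples (not real binaries) --------------------------------
_rng = random.Random(2008)  # fixed seed so the samples are reproducible

# Unpacked: a repetitive x86 prologue pattern and plain ASCII data, both low entropy.
CLEAN_SAMPLE = [
    (".text", b"\x55\x8b\xec\x83\xec\x10" * 600),
    (".data", b"Hello, world\x00" * 200),
]

# Stock UPX-style layout: tell-tale section names plus a near-random payload.
PACKED_SAMPLE = [
    ("UPX0", b""),
    ("UPX1", bytes(_rng.randrange(256) for _ in range(4096))),
]

# "Custom" packer: standard-looking section names, but the payload is still near-random.
CUSTOM_PACKED_SAMPLE = [
    (".text", bytes(_rng.randrange(256) for _ in range(4096))),
    (".rsrc", b"\x00" * 1024),
]


def name_signature_only(sections) -> bool:
    """What a pure section-name signature would conclude, for comparison."""
    return any(name in KNOWN_PACKER_SECTIONS for name, _ in sections)


if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_SAMPLE), ("upx-like", PACKED_SAMPLE),
                          ("custom-packed", CUSTOM_PACKED_SAMPLE)):
        verdict = classify_sections(sample)
        print(f"{label:14s} name-signature={name_signature_only(sample)!s:5s} "
              f"generic={verdict['packed']!s:5s} indicators={verdict['indicators']}")
```

The custom-packed sample is where the two approaches part ways: the name signature returns False because nothing matches the known list, while the entropy indicator still flags the 4 KB near-random `.text` section. The caveat a practitioner will want is the false-positive side: legitimately compressed resources, embedded certificates and encrypted configuration blobs also score near 8 bits/byte, so an entropy hit is a reason to look closer, not a verdict on its own.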