Anti reverse engineering protection within Crimeware


Earlier this week we presented at the APWG Summit in Brussels. As part of the "Crimeware Session, Stalking an Automated Criminal Intelligence", we highlighted the increased use of anti-reverse-engineering tactics by malicious code authors in the area of Crimeware.

Crimeware, in particular, is being packed by compressing executable files. Although "standard" packers such as ASPack and UPX (Ultimate Packer for eXecutables) are still prevalent, newly discovered custom packers and portable executable (PE) protectors are being utilized. Along with custom packing and protection, the malicious code discovered often includes anti-reverse-engineering techniques, such as virtual machine detection, in order to thwart researchers and detection.

Websense Security Labs - Blog

Linked by shanmuga Thursday, 29th June 2006 1:13AM
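
An added example, not from the Websense post: a static triage check for the packing described above. It parses PE section headers, flags the default section names left by stock UPX (`UPX0`, `UPX1`) and ASPack (`.aspack`, `.adata`), and falls back to a byte-entropy test for custom packers. The 7.2 bits/byte threshold and the `build_sample` helper with its constructed inputs are assumptions.

```python
import math, struct
from collections import Counter

# Default section names left by the stock packers the post names; a modified
# build can rename them, hence the entropy fallback in triage().
KNOWN = {b"UPX0": "UPX", b"UPX1": "UPX", b".aspack": "ASPack", b".adata": "ASPack"}
ENTROPY_LIMIT = 7.2  # assumption: bits/byte above which raw data looks compressed

def entropy(data):
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def sections(pe):
    """Yield (name, raw_bytes) for each section of a PE image held in memory."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (off,) = struct.unpack_from("<I", pe, 0x3C)           # e_lfanew
    if pe[off:off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    (nsec,) = struct.unpack_from("<H", pe, off + 6)       # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", pe, off + 20)  # SizeOfOptionalHeader
    table = off + 24 + opt_size
    for i in range(nsec):
        hdr = table + 40 * i
        name = pe[hdr:hdr + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, hdr + 16)
        yield name, pe[raw_ptr:raw_ptr + raw_size]

def triage(pe):
    """Return (section, finding) pairs for packer names or high-entropy data."""
    findings = []
    for name, raw in sections(pe):
        if name in KNOWN:
            findings.append((name.decode(), KNOWN[name]))
        elif entropy(raw) > ENTROPY_LIMIT:
            findings.append((name.decode(errors="replace"), "high entropy, possible custom packer"))
    return findings

def build_sample(secs):
    """Constructed PE-shaped buffer (headers plus raw data only, not loadable)."""
    hdr = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, 0, 0)
    ptr = 0x40 + len(coff) + 40 * len(secs)
    table, body = b"", b""
    for name, data in secs:
        table += name.ljust(8, b"\0") + struct.pack("<IIII", len(data), 0, len(data), ptr + len(body)) + b"\0" * 16
        body += data
    return hdr + coff + table + body
```

A renamed-section build of a stock packer is caught only by the entropy branch, so an empty result means "no indicator found", not "not packed".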