When antivirus products (and Internet Explorer) fail you

When Didier Stevens recently took a closer look at some Internet Explorer malware that he had found, something surprised him somewhat.

He discovered that the IE-targeted malware had been obfuscated with null-bytes (0x00) and when run against VirusTotal, he found that fewer than half of the products identified the sample as malware (15 of 32). When all null-bytes were removed, the chances of successful detection improved, though not as much as would normally be expected (25 of 32 detections).

When Didier tried adding more null-bytes to the sample he found that the number of successful detections decreased steadily until, with 254 0x00 bytes between each character, McAfee was the last one standing. When antivirus products (and Internet Explorer) fail you | Channel Register

Linked by shanmuga Friday, 2nd November 2007 11:15PM

20% off Spyware Doctor and Registry Mechanic - use coupon code: pctools20. Click Here Now!

$10 off on Spy Sweeper. And shop safe this holiday season. Click Here Now!

15% on Norton AntiVirus 2008 - coupon code: 10NAV08. Click Here Now!

Back to: PC Security, privacy news

More News, Articles from elsewhere

Only one in 28 emails legitimate

Registry Sentinel Removal

AntivirusMaster Removal

For safer browsing

Protect Your Identity, Protect Your Pocket

Symantec: Microsoft Access ActiveX attacks will intensify

Windows XP SP3 Hits Microsoft’s Automatic Update Service

Browser Security: IE vs. Safari vs. Firefox

If you browse with Internet Explorer, get the latest version

Several vulnerabilities closed in the Linux kernel

8 Best Practices for Encryption Key Management and Data Security

Free Honeypot Client Could Sting Malware

What Firewalls Do & Donot Do

Opera Continues to Lead the Pack

Zonebak Trojan Removal

PCAntiSpyware Removal

The ultimate identity theft: house stealing

Fake Google Calender meeting invitations used in new spam attack

Spam Goes More and More Mobile

Should Microsoft Throw Away Vista?

Angry Vista users vent over SP1 driver issues

Safari 3.1 Crashes On Windows XP, Users Complain

Symantec fingers D Link for bot attacks

Want Vista SP1? Here is what to expect

99 Windows Vista Performance Tips and Tweaks

How to Remove AVMaster (AVMaster removal)

How to Remove AntivirusMaster (AntivirusMaster removal)

Norton 2009 products open to public beta

How to Remove Pakes Trojan (Pakes Trojan removal)

How to Remove TheRegistrySentinel (TheRegistrySentinel removal)

Security lapse exposes Facebook photos

Top Tips to Mobile Data Security

iPhone DoS vulnerability

Kaspersky launches Mobile Security 7.0 protection for smartphones

Mobile subscribers showered with spam

HOW TO: Install Ubuntu, Ubuntu Installation Guide

HOW TO: Synchronize Folders Between Computers

HOW TO: Set Up Dynamic DNS

HOW TO: Install Safari on Ubuntu with Flash and Shockwave!

HOW TO: Read The Wall Street Journal’s Web site for free

The fine print

All trademarks, product names and company names or logos cited herein are the property of their respective owners. News content is the property of their respective authors/owners/publishers.

Malware Help. Org does not represent, warrant, or endorse the accuracy, reliability, completeness or timeliness of any of the information, content, views, opinions, recommendations or advertisements contained on, distributed through, or linked, downloaded or accessed from any of the information contained in this News Story.

By reading this you understand and agree that everything that is written in this article is for educational use only, and none of it should be used at any circumstances, and if you choose to use this information for any kind of action you take full responsibility for it and release Malware Help. Org (c) of any responsibility. If you do not agree to whats written here, LEAVE NOW!

Webmasters! Don't want your site's news/articles appear here, No problem, please drop me a line, Malware Help. Org will be happy to comply with your wishes.

About the RSS News feeds and News articles from other sites