Malware authors often use their own protections or packers to prevent automated unpacking of their executables. This is an attempt to delay development of antivirus (AV) signatures or in-depth behavioral analysis. Scramblers, tools designed to modify the packed binary to help throw off signature-based scanners, are often used as well. In fact, a public protector called [MSLRH] not only packs the executable and protects it using anti-debug, anti-dump, and stolen-byte mechanisms, but
Category: blogs | Posted by Staff 280 days ago | Via: http://www.websensesecuritylabs.com
Category: blogs | Posted by Staff 244 days ago | Via: http://securitylabs.websense.com
Websense Security Labs has been tracing the storm worm since early 2007, when the first wave of storm worm erupted in the wild. Storm worm is one of the most notorious malware programs seen during the years 2007 and 2008. Websense Security Labs has published many research results on it, such as Storm Worm Chronology, which was written by my colleague Nick Verenini. Most variants of storm worms are packed with the custom packer "Tibs". Tibs packer is a polymorphic packer, which also has the capability of an
Category: blogs | Posted by Staff 222 days ago | Via: http://securitylabs.websense.com
Nowadays, most unwanted software, such as malware and rogue products, uses packers to obfuscate itself. In addition to the known packers, some of them use custom packers, using polymorphic techniques to prevent detection. Every two weeks, I will write a little blog about one of those custom packers, and explain some of the tricks they use.