January 23, 2009

eyebrow-raising coverage for packers

I'm sure the idea of packers is not new to anyone really when looking at malware.  And, I'm sure most people are "comfortable" with the fact that a good packer would get around most AV...always lovely to demonstrate during a pen-test recap.

What about if you used a standard trojan that EVERYONE catches, and then packed it with the standard packers on the market...what would you expect?  Well...maybe we were a bit hopeful when we were doing some of our testing for a Preview customer, but we expected most AV to at least write sigs for some of the packed trojans.

We're going to discuss the findings and our process in our next VERSA article next week, but pictures are always fun to look at, right?

[Image: Bad_av_packer_coverage]

Looks pretty convoluted, but each color represents a different, well-known piece of malware.  The closer to the center, the lower the coverage...obviously some AVs are better at detecting packed malware than others.

C-level take-aways will be in the VERSA article...enjoy!

~research

December 19, 2008

...Staying Busy...

Hey Readers!

I bet you never thought you'd see this RSS feed pop again, huh?

It's been quite some time since we've updated our blog, and we have to apologize.  The Research Team has been very busy spending all of our time supporting our Preview and Penetration Testing customers, and with the many customer projects we have in addition to these services, it's been hard to get away and post to the blog.  We've also been staying very busy with vulnerability discoveries, but have been working with CERT to coordinate vendor disclosure rather than reporting here, so we're sorry it may have seemed a little quiet on that front as well...we're definitely staying busy.  ;-]

We will be reviving the eEye Research blog in the coming year to contribute relevant and non-regurgitated food-for-thought for the security community and our customers.  A lot of our projects have also been in the quantitative realm, so we look forward to discussing some unique statistics on here in the coming months.

Please let us know if you have any topics in particular you'd like to see us discuss.

Of course, you always know how to get in touch with us: skunkworks@eeye.com.

Happy Holidays!

~eEye Research