I'm sure the idea of packers is not really new to anyone who looks at malware. And I'm sure most people are "comfortable" with the fact that a good packer would get around most AV...always lovely to demonstrate during a pen-test recap.
What if you took a standard trojan that EVERYONE catches, and then packed it with the standard packers on the market...what would you expect? Well...maybe we were a bit hopeful when we were doing some of our testing for a Preview customer, but we expected most AV to at least write sigs for some of the packed trojans.
We're going to discuss the findings and our process in our next VERSA article next week, but pictures are always fun to look at, right?
Looks pretty convoluted, but each color represents a different, well-known piece of malware. The closer to the center, the lower the coverage...obviously some AVs are better at detecting packed malware than others.
C-level take-aways will be in the VERSA article...enjoy!
~research