Sunday, January 4, 2009

Evading Anti-Virus, the easy way

This is just an example of how well-known malware can be made to evade anti-virus:

- Use a file-splitter tool to split the malware into several small files.
- Run the anti-virus engine locally to scan all the small files; the anti-virus will detect a signature of the malware in one or more of the split files.
- Next, use a hex editor to change the signature in each detected file by changing any byte within the file.
- Test the anti-virus again against all edited files; you may have to repeat the process and change a different byte.
- Re-run your file splitter to re-join the files.
- Test whether the malware still works or whether your changes broke the code. If the code is broken, you will have to start over.
- Once your tests succeed, your malware should now be undetectable.
