"Undetectable" Malware?

Is it really true that crackers can make malware that can bypass most AVs with just a File Splitter and a Hex editor? I also heard that "undetectable" malware can be created with the help of a packer. Are these all true?

 

Yes.

Some AV's might detect the packer, but not always the nasty. It may report the file/s as Suspicious, but lots of innocent things are packed. That's one reason we sometimes see FP's

To be Undetectable doesn't rely on packing. Think Rootkit.

 

Those "patchers" are the amateurs and script kiddies who lack programming knowledge. They usually do not even bother to test if their "creations" are still executable. Professional malware writers can easily generate a new "variant" which is totally different from the previous variants, write their own cryptors and obfuscating code generators. Sometimes I wonder if they put more work into obfuscating their crap and could rather write legal software with less effort. But that's not easy earned money, then.

 

Hi!
Where can I find more information about how to write my own cryptors and obfuscating code generators?
This seems like it would be a fun activity!

 

No worries, I see enough of this stuff daily and don't want even more.

 

It does not have to be in the form of links.

Can you recommended any textbooks, universities that give computer science courses, research fellows, etc.



Thanks.

 

I know many groups and individuals, indirectly, through their malware, utilities and sites.

Their aim is to find something that will be grasped by users, infect it and circulate it. This is usually best done through file sharing - find a program that many people will be interested in using and not having to pay for it. They now need to change the program and making it, to coin a phrase, Fully UnDetectable. As already mentioned using a crypter will help in contrasting the program.

edit :

Same here, but as you say e a s y money.

 

it might be true but the statement is ambiguous. it is trivial to modify an existing piece of malware or create a new piece of malware that will go unnoticed by a known-malware scanner, basically by definition. But is AV just known-malware scanning? many statements (like the one your asking about) pretty much assume that it is, but AV is more than just known-malware scanning, and the malware techniques your talking about aren't nearly as effective other AV techniques that are outside the realm of known-malware scanning.

so the answer to your question is that it depends. it depends on what (if any) other additional techniques are employed by the AV product in question.

 

Wildest

" might be fun "

All the best with it, too heavy duty for me though lol.

www.rootkit.com has been linked to on here in the past, so it must be ok to mention it. Lots of code, links etc on there.

 

Thanks, I have bookmarked this page, although WOT blocked it.
Interestingly, Avira Webguard said nothing.

I do find it interesting that it is ok to talk about the design of defensive systems but it isn't to talk about the design of offensive systems.
I can hardly imagine that a professional malware writer could learn anything here other than end-user experiences, and I don't see why it is ok for me to know how to build a lock but not ok for me to know how to pick it.
In fact, if taken further, the malware writers are the leaders and the anti-malware people are the followers in terms of technological sophistication.

IAC, in retrospect I think I should have asked this question on a unix-focused forum since this information would most likely be less taboo there.

 

rootkitdotcom(Greg Hoglund) is a clearing house for everything 'rootkits' and in evidently POCs, rootkits and antirootkits are uploaded there. I'm a member there, it's a good site - check out the blogs!
___________________________

You'll soon find the info you want looking for hacking and cracking tools, papers, blackhat and forums.

 

Wow, this is great.
His list of published works is impressive as well.

Thanks!