How malware authors evade antivirus detection?

http://blog.webroot.com/2012/01/18/how-malware-authors-evade-antivirus-detection/#more-5824

 

employing business practices, as if it was not bad already.

 

Very cool, thanks.

 

Is Dancho Danchev now working for Webroot? Or, was it a guest article?

 

I've recently got impression that he's "guest blogging", rather than employed, but could be wrong.

 

Any way that program could be modified to function as a multi-engine scanner?

 

That's how it works but it's illegal.

 

Re: [Blog post] How malware authors evade antivirus detection?

command line is a dangerous & useful thing.
I myself have used it to bypass many things

 

Dancho announced on Twitter at the beginning of January he was joining Webroot as a security blogger.

 

I have never heard of "Kim’s Multiple Antivirus Scanner" and there is no search results about it except for this Webroot blog.

Does it really exists? Is it a legal software and if so where can you download it from?

Thanks.

 

How do some of the vendors get signatures and rules for their products?
They buy them off those same people that create the malware

 

There probably working with each other. $$ Cha Ching Cha Ching.

 

Exactly. Without the one the other will falter

 

Me niether !

Actually there are

Yes.

See your PM for a Lot more info & links etc

 

It's illegal - it packages paid antiviruses into a scanner in ways that probably violate their TOS.

No.

 

I said some and I have proof of such a company doing it. They bought 0 day exploits and it was used in their HIPS engine. Some others do it as well. Malware source codes get sell online and security companies scan those same forums. Some will make it public some will use it and put it quietly into their engine.