Malware using packing to escape detection

PandaLabs, the research arm of Panda Software, has published research showing that 78 percent of new malware uses some kind of file packing to evade detection.

Interestingly, the research claims that there are now many different types of packers.

According to the PandaLabs study, UPX is now the most common and is seen in 15 per cent of malware detected, whilst PECompact and PE are used in 10 per cent of cases.

However, says PandaLabs, there are now more than 500 types of packers that could be used by cyber-criminals.

According to Luis Corrons, the firm's technical director, packing is really a stealth technique.

"The increasing use of these programs highlights how keen Internet criminals are for their creations to go undetected," he said, adding that the tools allow cyber-crims to combine several malicious files in a single packer.

"This both hinders detection and allows a malicious code to download copies of other strains more effectively," he explained.

Corrons went on to say that the problem is when to detect the malware, as some malware downloads are now being packed with legal programs, and it is not possible to distinguish between goodware and malware by the packer on its own.

The biggest problem facing the IT security industry, said Corrons, is hacker customisation, whereby super-sharp hackers are creating their own encryption codes.

"Malware concealed in this way is very difficult to detect," he added.
