Standards and policies on packer use

Samir Mody (Sophos)
Igor Muttik (McAfee)
Peter Ferrie (Microsoft)

Packers, whether third-party or bespoke, are still widely used by malware authors in an attempt to evade detection. Conficker, FakeAV, Bredolab and TDSS are but a few examples of malware which make extensive use of packing technology.

The wide variety of packers used for both legitimate and malicious purposes poses a challenge for the anti-virus industry. The anti-virus community has decided, within the framework of the Malware Working Group within the Industry Connections Working Group, to address the issue of packers with a common voice.

One of the fruits of the collaborative sessions involving representatives from across the anti-virus industry is a document describing various packer properties and standards for their use. This document is meant to provide a yardstick for the formulation of policy on how to treat different packers and a potential set of best practice guidelines for packer vendors.

It is hoped that the guidelines can be used to improve end-user security through the concerted efforts of the anti-virus industry when dealing with packers, and via cooperation and information exchange with packer vendors. Thus, it is expected to facilitate a more robust approach to the generic static flagging of suspicious packed files for the benefit of all (apart from the malware authors, of course).
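The "generic static flagging of suspicious packed files" mentioned above is not described in the abstract. As an added illustration (not code from the paper or from any of the authors' products), the following Python script shows the simplest such static check: measuring the Shannon entropy of each section of a binary, since compressed or encrypted section bodies produced by a packer have near-maximal entropy while ordinary code and data do not. The section names, byte contents and the 7.0-bit threshold are all constructed for the example; a real scanner would parse a PE or ELF header to obtain the sections and would combine entropy with other properties rather than relying on it alone.

```python
import math
import random
from collections import Counter

# Entropy threshold, in bits per byte, above which a section is treated as
# probably packed. 7.0 is an assumed value for this example; real deployments
# tune it against their own corpus.
PACKED_ENTROPY_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def analyse_sections(sections, threshold=PACKED_ENTROPY_THRESHOLD):
    """Return {name: (entropy, flagged)} for a list of (name, bytes) sections.

    A section is flagged when its entropy exceeds the threshold, which is the
    crude generic signal that a packer has compressed or encrypted it.
    """
    result = {}
    for name, body in sections:
        ent = shannon_entropy(body)
        result[name] = (round(ent, 3), ent > threshold)
    return result


def is_suspicious(sections, threshold=PACKED_ENTROPY_THRESHOLD):
    """True if any section of the file looks packed."""
    return any(flag for _, flag in analyse_sections(sections, threshold).values())


# --- Constructed sample input (not taken from any real binary) --------------
# A plausible unpacked code section: a short repeating instruction pattern.
_rng = random.Random(1234)
SAMPLE_SECTIONS = [
    (".text", b"\x55\x8b\xec\x83\xec\x10\x90\xc3" * 512),
    # A constructed "packed" section: pseudo-random bytes, as a compressed or
    # encrypted payload would look.
    (".packed", bytes(_rng.randrange(256) for _ in range(4096))),
]


if __name__ == "__main__":
    for name, (ent, flagged) in analyse_sections(SAMPLE_SECTIONS).items():
        verdict = "PACKED?" if flagged else "ok"
        print(f"{name:10s} entropy={ent:5.3f}  {verdict}")
    print("file suspicious:", is_suspicious(SAMPLE_SECTIONS))
```

High entropy alone is a weak signal: legitimate installers, media files and signed applications using commercial protectors trigger it too, which is exactly why the paper argues for agreed packer properties and vendor cooperation rather than a blanket "packed means malicious" policy.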

