Standards and policies on packer use

Samir Mody Sophos
Igor Muttik McAfee
Peter Ferrie Microsoft

Packers, whether third-party or bespoke, are still widely used by malware authors in an attempt to evade detection. Conficker, FakeAV, Bredolab and TDSS are but a few examples of malware which make extensive use of packing technology.

The wide variety of packers used for both legitimate and malicious purposes poses a challenge for the anti-virus industry. The anti-virus community has decided, within the framework of the Malware Working Group within the Industry Connections Working Group, to address the issue of packers with a common voice.

One of the fruits of the collaborative sessions involving representatives from across the anti-virus industry is a document describing various packer properties and standards for their use. This document is meant to provide a yardstick for the formulation of policy on how to treat different packers and a potential set of best practice guidelines for packer vendors.

It is hoped that the guidelines can be used to improve end-user security through the concerted efforts of the anti-virus industry when dealing with packers, and via cooperation and information exchange with packer vendors. Thus, it is expected to facilitate a more robust approach to the generic static flagging of suspicious packed files for the benefit of all (apart from the malware authors, of course).
