Original Article: http://sunbeltblog.blogspot.com/2008/09/how-to-make-notepadexe-malicious-file.html
Archive.org Saved Page
Alex Eckelberry over at Sunbelt got an itch to see which virus vendors were just using packer signatures instead of emulating the deflation process and detecting the virus inside. This is a shortcut that can yield false positives, as demonstrated in Alex’s experiment, but it is done, I assume, because of the overhead that unpacking would add to the client software.
I bring this up here because I recently conducted a somewhat similar test, although I admittedly know very little about packers.
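The false-positive mechanism described above, as an added example that is not from the original post or from Sunbelt's experiment: a packer-signature-only scanner compared with one that unpacks before matching. The `TOYPACK1` wrapper format, the stand-in signature, and all sample files are constructed assumptions for illustration, not any real packer or detection.

```python
import zlib

# Constructed toy "packer": a fixed stub marker followed by a zlib stream.
# It only models "recognisable wrapper + hidden contents", not any real packer.
PACKER_STUB = b"TOYPACK1"
# Constructed stand-in for a byte signature of known-bad code.
BAD_SIGNATURE = b"CONSTRUCTED-BAD-PATTERN"
MAX_UNPACKED = 1 << 20  # cap unpacking work per file (the overhead concern)


def pack(payload: bytes) -> bytes:
    return PACKER_STUB + zlib.compress(payload)


def scan_packer_signature_only(blob: bytes) -> str:
    """Shortcut scanner: the packer wrapper itself is treated as the detection."""
    return "malicious" if blob.startswith(PACKER_STUB) else "clean"


def scan_with_unpacking(blob: bytes) -> str:
    """Unpack first (bounded), then match the signature against the real contents."""
    data = blob
    if blob.startswith(PACKER_STUB):
        stream = zlib.decompressobj()
        try:
            data = stream.decompress(blob[len(PACKER_STUB):], MAX_UNPACKED)
        except zlib.error:
            return "unscannable"  # corrupt stream: report it, do not guess
        if not stream.eof:
            return "unscannable"  # truncated, or larger than the unpack budget
    return "malicious" if BAD_SIGNATURE in data else "clean"


def compare() -> dict:
    """Run both scanners over constructed samples; {name: (shortcut, unpacking)}."""
    benign = b"MZ constructed harmless program body"
    samples = {
        "benign_plain": benign,
        "benign_packed": pack(benign),
        "bad_packed": pack(benign + BAD_SIGNATURE),
        "corrupt_packed": PACKER_STUB + b"not a zlib stream",
        "oversized_packed": pack(b"\0" * (2 * MAX_UNPACKED)),
    }
    return {name: (scan_packer_signature_only(b), scan_with_unpacking(b))
            for name, b in samples.items()}


if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:18} shortcut={verdicts[0]:10} unpacking={verdicts[1]}")
```

The `benign_packed` row is the false positive: the shortcut scanner flags a harmless program only because of its wrapper, while the unpacking scanner clears it and still catches `bad_packed`.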