What is it?
For years, the cat-and-mouse game has continued between malicious-codeauthors and security vendors. Recently, VeriSign iDefense scanned morethan 3,000 new malicious codes to see whether Symantec, McAfee andKaspersky Labs could detect them.
How does it work?
Hackers and attackers now regularly test new malicious codes against thetop AV engines to ensure that their creations are undetectable beforereleasing them. Some authors upload several new creations to free onlineweb scanners every day. Using this tactic, they can create new variantsthat are undetectable by AV software faster than vendors can create anddeploy new signatures.
Should I be worried?
VeriSign iDefense's test showed that none of the three programs was 100percent effective on its own.
How can I prevent it?
Large corporate networks should deploy at least two different AVsolutions. The programs used should be effective at both the host layerand on the gateway layer. Using lesser known but robust solutions can helplower the risk of attack as most malicious code authors test new codesagainst leading AV products.
Ken Dunham, director of the iDefense rapid response team, VeriSign.
