What is it?
For years, the cat-and-mouse game has continued between malicious-code authors and security vendors. Recently, VeriSign iDefense scanned more than 3,000 new malicious codes to see whether Symantec, McAfee and Kaspersky Labs could detect them.
How does it work?
Hackers and attackers now regularly test new malicious codes against the top AV engines to ensure that their creations are undetectable before releasing them. Some authors upload several new creations to free online web scanners every day. Using this tactic, they can create new variants that are undetectable by AV software faster than vendors can create and deploy new signatures.
Should I be worried?
VeriSign iDefense's test showed that none of the three programs was 100 percent effective on its own.
How can I prevent it?
Large corporate networks should deploy at least two different AV solutions. The programs used should be effective at both the host layer and the gateway layer. Using lesser-known but robust solutions can help lower the risk of attack, as most malicious code authors test new codes against leading AV products.
Ken Dunham, director of the iDefense rapid response team, VeriSign.