Malware authors have many ways to get around antivirus engines Which method would not be an effective technique?

Answer 1

To evade detection, during and after installation, malware uses five primary techniques.

Wrapping. This process attaches the malicious payload (the installer or the malware itself) to a legitimate file. When the legitimate file is installed, so is the malicious payload (which usually installs before the legitimate file does). Using static signatures to detect wrapper files is largely ineffective since new ones are easily and regularly created and often generates false positives. This technique is commonly used by Windows and OS X malware distributed via pirated software and P2P networks. IceFog is a well-known malware commonly wrapped with a legitimate-looking CleanMyMac application and used to target OS X users. On the Windows platform, OnionDuke has been used with legitimate Adobe installers shared over Tor networks to infect machines.

Obfuscation. This involves modifying high level or binary code it in a way that does not affect its functionality, but completely changes its binary signature. Obfuscation was originally used to protect legitimate software against reverse-engineering and piracy. Malware authors have adopted the technique to bypass antivirus engines and impair manual security research. Using XOR encoding is one way to do this. Hiding process and file names, registry entries, URLs and other useful information can significantly slow down the investigation/reverse engineering of new malware samples.

Packers. These software tools are used to compress and encode binary files, which is another form of obfuscation. At runtime, the packer, which is typically embedded with the malicious binary, will "unpack" the payload into memory and execute it. There are a handful of common packing mechanisms in use today such as UPX, PECompact, Armadillo and others. These techniques are extremely effective at circumventing static signature engines.

Anti-debugging. Like obfuscation, anti-bugging was originally created by software developers to protect commercial code from reverse-engineering. Anti-debugging can prevent a binary from being analyzed in an emulated environments such as virtual machines, security sandbox, and others. For example, the ZeroAccess malware implemented a self-debugging technique in order to block external debugging attempts. Another example is malware attempting to delay its execution (or sleep) for an extended period of time. This is useful for bypassing sandboxing solutions since these only keep binaries in an emulated environment for a specific period of time before classifying them as benign and releasing them to the network.

Targeting. This technique is implemented when malware is designed to attack a specific type of system (e.g. Windows XP SP 3), application (e.g. internet Explorer 10) and/or configuration (e.g. detecting a machine not running VMWare tools, which is often a telltale sign for usage of virtualization). Targeting ensures that the malware is only triggered and installed when specific conditions are met, which enables it to evade detection in sandboxes because they do not resemble the host being attacked.

Answer 2

If the anti-virus has real time protection enabled, crypt it with a file using n.t. packer or f.b.i binder, it should come out clean

Answer 3

If the anti-virus has real time protection enabled, crypt it with a file using n.t. packer or f.b.i binder, it should come out clean

Answer 4

Hotfixing