In short, as I code, I know that computers are very predictable. If
your AV program is configured to catch virus "X" then it will catch
it--and you will not be infected.
***
Not *always* the case. Sometimes the signature is in the virus body and
the self-decryptor has to run in emulation for a time before revealing
said virus body. If the self-decryptor has emulation detection
capability it may fail to reveal the body when it detects that it is
being *watched*.
***
OK, I see.
But the bottom line is that AV vendors have an incentive to hype up
lack of security, and I've not seen it done, ergo, there's no problem
to hype.
Excerpt below verifies what I have said in this thread.
RL
http://threatpost.com/en_us/blogs/f...M+List&utm_campaign=Threatpost+Spotlight&CID=
Considering the stakes in today's security game, gleaning intelligence
from professional attackers is an invaluable experience for
researchers on the other side of the ball. Robert Hansen, a security
researcher and CEO of SecTheory, has been doing just that in recent
months, having a series of off-the-record conversations with spammers
and malicious hackers in an effort to gain insight into their tactics,
mindset and motivation.
In a blog post describing one such conversation, Hansen says that the
attacker was lamenting the difficulty of executing targeted attacks
against machines in high-value networks. Security systems are doing a
fairly good job of making life difficult for him.
He’s not the type to hack randomly, he’s only interested in targeted
attacks with big payouts. Sure, if you really work at it for days or
weeks you’ll get in, almost always, but it’s not like it used to be
where you’d just run a handful of basic tests and you were guaranteed
to break in. The risk is that now when he sends his mules to go cash
out, there’s a chance they’ll get nailed. Well, the more I thought
about it the more I thought that this is a very solvable problem for
bad guys. There are already other types of bad guys who do things like
spam, steal credentials and DDoS. For that to work they need a botnet
with thousands or millions of machines. The chances of a million
machine botnet having compromised at least one machine within a target
of interest is relatively high.
Hansen's solution to the hacker's problem provides a glimpse into a
business model we might see in the not-too-distant future. It's an
evolutionary version of the botnet-for-hire or malware-as-a-service
model that's taken off in recent years. In Hansen's model, an attacker
looking to infiltrate a specific network would not spend weeks
throwing resources against machines in that network, looking for a
weak spot and potentially raising the suspicion of the company's
security team.
Instead, he would contact a botmaster and give him a laundry list of
the machines or IP addresses he's interested in compromising. If the
botmaster already has his hooks into the network, the customer could
then buy access directly into the network rather than spending his own
time and resources trying to get in.