Last-minute presentation: Race to zero with online scanners

Boris Lau Sophos


DEFCON 2008 proposes to challenge AV vendors by modifying malware samples to avoid detection by anti-virus scanners. However, we have already been observing these activities in the wild as malware authors attempt to systematically break detection with various online scanners using existing AV detection.

Observing malware authors using their tricks gives us a unique opportunity to understand their working processes. Analysing this information allows the AV industry to stay ahead in the fight against malware.

At SophosLabs we have a database of samples submitted to the labs, which provides statistics that enable us to correlate samples from various sources and establish a picture of the workflow of malware authors. In this presentation I will use recent case studies based on data taken from our database to show the efforts malware authors put into evading detection.

