Further exposing the weaknesses of signature-based detection, cybercriminals have developed a new method to hide malicious code to evade detection.
Called dynamic code obfuscation, the method alters virus code using a different set of functions, parameter names and encryption keys for each user! For example, if two people visit a malicious Web site at the same time, each person will get a different encrypted or obfuscated code, generated on the fly.
“Security vendors that post security updates to their customers will need to theoretically create millions of signatures for their customers.”
– Yuval Ben-Itzhak,
Chief Technology Officer, Finjan Inc.