Hackers learned quite a while ago that anti-virus was their #1 enemy. So, they modify their malware source code to avoid detection.
I read an article once in Hakin9 magazine where to avoid anti-virus all one needed to do was add a random text file to the front of the malicious code to fool anti-virus. Sounds unbelievable, but the author tested it, and it worked.
Anti-virus has gotten smarter, but so has the technology to bypass it. Most hackers currently use an obfuscator program to bypass anti-virus, and these work very well. The advanced persistent threat infected thousands of machines that had firewalls up, intrusion detection systems and current anti-virus.
How? Signature-based virus detection can no longer keep up with the sheer volume of new viruses and cleverly obfuscated malware. Also, spyware blockers will not work if you allow the program to run!
The Social Engineering Toolkit is a perfect example of this. You create an obfuscated client and if the target allows it to install, you get a remote shell, easy as that, regardless of security updates, firewalls and anti-virus.
So what do we do? Do not click on unknown links. Do not install “video codecs” to run any movies from a site you haven’t been to before (for goodness sake, use YouTube!). Be wary of links in e-mail, even “official” looking e-mails. The Kneber Botnet was installed via malicious e-mail links by many military personnel who thought it was military correspondence.
Do not run “online anti-virus” programs that pop up when you are surfing. Be very careful what PDF files you view online. Beware of “free online games”; many contain backdoor trojans.
Instruct your children, too, on these practices (see Hackers Targeting Teens and Young Surfers). By surfing safely, many of these advanced threats can be avoided.