Friday, April 25, 2008

Obfuscating Malware for Fun and Prizes

I just found out about a new contest happening this year at Defcon, called The Race to Zero. Contestants will be given a set of malware which they have to modify and upload through a portal. In the portal, a large number of AV programs will be run against the sample. Once the files have been obfuscated enough that no AV program detects them, the contestant will move to the next round. Obfuscated viruses must work the same as the original.

There are positive and negative things which can come out of this. Hopefully the obfuscation techniques used in the contest will be analyzed by AV vendors to increase their capabilities in detecting malware - because they most certainly will be analyzed by malware authors! I can almost guarantee that whoever wins this will have their technique studied by various organized groups around the world.

I have to admit I'm tempted to enter this. I've used some techniques to bypass AV during my tests in the past and have had good success. Now, if only I can get my work to pay for me to go. :)

