Security software has gaps
Security systems have certainly improved over time, but it is estimated that only about 40 percent of anti-virus programs can actually detect malware binaries during the period of greatest danger: the first few days after a variant starts being used by botnet builders. Stuart Staniford, chief scientist for FireEye, ran a test to see why the detection systems were being evaded. He uploaded a sample of 217 binaries culled from FireEye appliances on customer premises and ran 36 anti-virus programs against it.
About half of the binaries picked up by FireEye were unknown to detection systems. Staniford said malware often uses "polymorphism": programs that are constantly changed very slightly to evade binary pattern detection. He said this makes it important that anti-virus programs can spot malware in the first week of its use. "The sample is likely to get discarded by the bad guys pretty soon after that," he told PCWorld.com.