Virus scanning service designed for malware writers

I have long opined that the current generation of antivirus software is hopelessly outclassed when confronted by new or specifically tailored strains of malware. The reason is simple; hackers can easily test their new executables against specific antivirus scanners in order to tweak their malware such that they will not be detected by existing solutions.  This works in targeted attacks against large corporations too, since the security software of choice is hardly confidential information.

As if to further prove the broken nature of current scanners, we now hear of several new antivirus scanner services such as av-check.com and virtest.com that are clearly targeted at malware writers. For just $1 per file--or a flat monthly fee--av-check.com offers the ultimate in convenience by scanning the uploaded files with up to 22 different antivirus products.

For best results, the site promises that: "Each of them is setten [sic] up on max heuristic check level." As a further guarantee, it also promises that the file will be destroyed immediately after scanning, and that the various antivirus products will not be allowed to report back with the new signatures.

Moving ahead, even more advanced features are in the works--this includes the ability to test the uploaded files against popular anti-spyware tools and firewall applications, and also checking whether the malware works in a virtual machine (VM) environment. The last test is to facilitate virus writers in creating malware that self-destructs when in a VM to thwart the reverse engineering efforts of security researchers.

For more on this story:
- check out this blog at KrebsonSecurity

Related Articles:
AV-Comparatives ranks the top proactive antivirus scanners
Rogue malware is money spinner for scammers
Rogueware, the new malice in malware
Symantec identifies top rogue security software