All, attached is a paper in PDF format that describes a real-world instance of the Malware Factory in action, as it pertains to a prior post on the Zusy Botnet Beaconing detection here. What makes this significant is that the theoretical idea that malware could constantly change itself has now been proven to exist in the wild.
If you rely on hash-based detection capabilities and solutions to find malware, you will not be able to detect this threat.
Thanks to Christopher Elisan and Ahmed Sonbol of RSA FirstWatch for their insightful analysis and thanks to Jason Rader for his insight and editing!
The stats in figure 1 are truly staggering - in the first 2 months of 2014 there were already more new malware samples than in the whole of 2013. Good luck writing signatures for those!