This isn't really a question, but I did my own malware analysis research recently and thought I could help with the Metasploit encoding for AV evasion. I tested 8 payloads and 7 encoders with and without multiple encoding iterations (up to 10 iterations, as some payloads don't seem to work correctly with more). AVG was the only oddball out of the 7 antivirus products tested. It found some payloads but not others. The generic encoder was not flagged at all. The strange part is that some of the more advanced encoders, such as shikata-ga-nai, were flagged dirty on almost all payloads.

Kaspersky Internet Security 2010, McAfee Security Suite, and Microsoft Security Essentials flagged all payloads as dirty.

Avast free, Avira free, and Norton Internet Security 2010 flagged none as dirty.

I hope this helps, and if you want, I can send my spreadsheet covering each AV in depth, as Metasploit payloads weren't the only "dirty" programs that I tested.
Hope this helps!
-hhmatt@live.com
Anonymous

Nice! Thanks for the info.






