In this presentation muts shows how to defeat signature-based detection. He uses an old backdoor called ncx, which listens for incoming connections on port 99 and spawns a bind shell.
The process is to create a code cave and then write an XOR stub into it; the stub is used to encode the file's content, and the same XOR stub decodes the file in memory at run time, so the file goes undetected by the anti-virus software.
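To make the detection side of this concrete, here is an added example (not from the presentation, and not muts's code) that shows why a plain byte signature stops matching once the body is XOR-encoded, and how a scanner that tries every single-byte XOR key still finds it. The signature string, the payload bytes and the key `0x5A` are all constructed for the example; it also shows the caveat that single-byte XOR does not change a section's Shannon entropy, so entropy scanning alone will not flag this kind of encoding.

```python
import math
from typing import List

# Constructed sample signature: the byte pattern a static scanner would match
# on the unencoded backdoor. Hypothetical text, not a real AV signature.
SIGNATURE = b"ncx bind shell port 99"

# Constructed sample "file body": some padding around the signature. Real
# binaries are of course larger, but the mechanics are identical.
PAYLOAD = b"\x90" * 8 + SIGNATURE + b"\xcc" * 8

# Constructed single-byte key used by the (hypothetical) XOR stub.
KEY = 0x5A


def xor_bytes(data: bytes, key: int) -> bytes:
    """Apply a single-byte XOR to every byte (this is both encode and decode)."""
    return bytes(b ^ key for b in data)


def plain_scan(blob: bytes, sig: bytes) -> bool:
    """Naive signature scan: does the literal byte pattern occur in the blob?"""
    return blob.find(sig) != -1


def xor_aware_scan(blob: bytes, sig: bytes) -> List[int]:
    """Signature scan that also checks every single-byte XOR key.

    Instead of decoding the whole blob 256 times, we encode the (short)
    signature under each key and look for that in the blob, which is cheaper.
    Returns the list of keys under which the signature was found
    (key 0 means the signature is present in clear text).
    """
    hits = []
    for key in range(256):
        if xor_bytes(sig, key) in blob:
            hits.append(key)
    return hits


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 is the maximum for uniformly random data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def demo() -> dict:
    """Run the three checks and return the results so they can be inspected."""
    encoded = xor_bytes(PAYLOAD, KEY)
    return {
        "plain_scan_before_encoding": plain_scan(PAYLOAD, SIGNATURE),
        "plain_scan_after_encoding": plain_scan(encoded, SIGNATURE),
        "xor_aware_keys_found": xor_aware_scan(encoded, SIGNATURE),
        "entropy_before": shannon_entropy(PAYLOAD),
        "entropy_after": shannon_entropy(encoded),
        "round_trip_ok": xor_bytes(encoded, KEY) == PAYLOAD,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The two points a defender should take from running this: a literal signature is defeated by a one-byte key, but a scanner that brute-forces the 256 possible single-byte keys recovers it immediately (this is exactly why the decoding stub in the code cave, which must itself stay in clear text, is the better thing to write a signature for). And because single-byte XOR is a bijection on byte values, entropy before and after encoding is identical, so "high entropy section" heuristics that catch real packers do not help here.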
For my test I used a licensed Kaspersky AV 2010, fully updated.
Well… you are probably asking why I gave this post the title of KAV Bloopers?
Watch for yourself…