Virus Guy expressed precisely :
> Dustin wrote:
>
>>> And we have more! This one's hot-off-the-press (as of 3 hours
>>> ago):
>>
>> And it means absolutely nothing. That's the thing you don't seem to
>> comprehend.
>
> So what you're saying is that for the 10 AV programs that *can* detect
> those files as viral - it means nothing.
It looks to me as if they are detecting the packer and not the actual
malware in the package. IOW they have seen the packer before with
samples of other malware inside.
[...]
> Does anyone else here feel the same way as Dustin about this ability (or
> lack thereof) of the vast majority of AV software to be able to detect
> these threats when they first enter circulation?
It is inherently impossible to identify any *new* sample with
signature-based detection if no signature has yet been promulgated.
In some cases they may be able to 'detect' that it is malware by
guessing that malware would reside in such a packed file, but not be
able to 'identify' what malware it is.
--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)
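
The detect-versus-identify distinction from the post above, as an added example (not code from the thread or from any AV product). The `TOYPACK1` stub marker, the zlib-based toy packer, the signature pattern and all samples are constructed for illustration.

```python
import zlib
from typing import Optional, Tuple

STUB = b"TOYPACK1"  # hypothetical packer stub marker (assumption)
SIGNATURES = {b"FAMILY_A_DECRYPT_LOOP": "Constructed.Family.A"}  # pattern -> name

def pack(payload: bytes) -> bytes:
    """Toy packer: stub marker followed by the compressed payload."""
    return STUB + zlib.compress(payload)

def identify(data: bytes) -> Optional[str]:
    """Signature match: works only if a known pattern is visible in the bytes."""
    for pattern, name in SIGNATURES.items():
        if pattern in data:
            return name
    return None

def scan(data: bytes, unpack: bool = False) -> Tuple[str, str]:
    """Return ('identified', name), ('detected', reason) or ('clean', '')."""
    name = identify(data)
    if name:
        return ("identified", name)
    if data.startswith(STUB):
        if unpack:
            # Unpacking exposes the payload, but still needs an existing signature.
            inner = identify(zlib.decompress(data[len(STUB):]))
            if inner:
                return ("identified", inner)
        # Verdict is about the wrapper only, so benign packed files get it too.
        return ("detected", "generic: packer stub seen with earlier malware")
    return ("clean", "")

# Constructed samples (no real malware involved).
OLD = b"MZ" + b"\x90" * 32 + b"FAMILY_A_DECRYPT_LOOP" + b"\x00" * 32
NEW = b"MZ" + b"\x90" * 32 + b"BRAND_NEW_CODE_NO_SIGNATURE_YET" + b"\x00" * 32
BENIGN = b"MZ" + b"ordinary installer code " * 8

if __name__ == "__main__":
    for label, sample in [("old, unpacked", OLD), ("old, packed", pack(OLD)),
                          ("new, packed", pack(NEW)),
                          ("benign, packed", pack(BENIGN)),
                          ("benign, unpacked", BENIGN)]:
        print(f"{label:17} {scan(sample)}  unpack={scan(sample, unpack=True)}")
```

The packed new sample and the packed benign file receive the same generic verdict, which is why a packer-based hit on its own says little about what is inside.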