What are Suspicious Packers?

To prevent reverse engineering of a malicious program and to hinder analysis of its behavior, malware developers may compress – or pack – their malicious programs, using a variety of methods combined with file encryption. Antivirus programs detect the output of Suspicious Packers, i.e. the packed items themselves.
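A heuristic commonly used to spot packed content is byte entropy: compressed or encrypted data looks close to random, while ordinary code and text do not. The sketch below is an added example, not part of the original page and not Kaspersky's detection logic; the 7.0 bits-per-byte threshold, the 1 KiB window and the sample buffer are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# Assumed rule-of-thumb cutoff (bits per byte); not a vendor-defined value.
HIGH_ENTROPY = 7.0

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (empty or one repeated byte) to 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return sum(-(n / total) * math.log2(n / total) for n in Counter(data).values())

def high_entropy_windows(data: bytes, window: int = 1024,
                         threshold: float = HIGH_ENTROPY):
    """Return [(offset, entropy)] for every window at or above the threshold."""
    hits = []
    for offset in range(0, len(data), window):
        chunk = data[offset:offset + window]
        if len(chunk) < window // 2:   # trailing fragment too small to judge
            continue
        entropy = shannon_entropy(chunk)
        if entropy >= threshold:
            hits.append((offset, round(entropy, 2)))
    return hits

def looks_packed(data: bytes, min_fraction: float = 0.5) -> bool:
    """Flag a buffer when at least min_fraction of its windows are high-entropy."""
    windows = max(1, len(data) // 1024)
    return len(high_entropy_windows(data)) / windows >= min_fraction

# Constructed sample: a readable 4 KiB stub followed by a 4 KiB pseudo-random
# region standing in for a compressed or encrypted payload.
STUB = (b"This program cannot be run in DOS mode.\r\n" * 100)[:4096]
PAYLOAD = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
SAMPLE = STUB + PAYLOAD

if __name__ == "__main__":
    for offset, entropy in high_entropy_windows(SAMPLE):
        print(f"offset {offset:#06x}: {entropy} bits/byte")
    print("stub looks packed:  ", looks_packed(STUB))
    print("sample looks packed:", looks_packed(SAMPLE))
```

High entropy is only a triage signal: legitimately compressed files such as archives and images score the same way, so a hit calls for further inspection, not a verdict.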

There are ways to prevent packed files from being unpacked. For example, the packer may not fully decipher the code, decrypting it only to the extent that it is executed, or the packer may only fully decrypt and launch a malicious program on a specific day of the week.

How Suspicious Packers can impact you

The main features that differentiate behaviors in the Suspicious Packers subclass are the type and number of packers used in the file compression process. The Suspicious Packers subclass of malware includes the following behaviors:

  • Suspicious Packer
    Objects that have been compressed, using packers that are designed to protect malicious code against detection by antivirus products
  • MultiPacked
    Files that have been packed several times, using a variety of packers
  • Rare Packer
    Files that have been compressed by packers that are rarely encountered – for example, packers that demonstrate a proof of concept

How to protect yourself against Suspicious Packers

Installing effective anti-malware software on all of your devices – including PCs, laptops, Macs, smartphones, and tablets – and keeping your anti-malware solution updated can protect you against Suspicious Packers. Kaspersky Anti-Virus 2013 will detect and prevent a vast range of malicious software programs and suspicious software on your PC, while Kaspersky Mobile Security delivers world-class virus protection for Android smartphones. Kaspersky Lab has products that protect the following devices:

  • Windows PCs
  • Linux computers
  • Apple Macs
  • Smartphones
  • Tablets