How Does Antivirus Work?

Before I tell you some of the techniques hackers use to bypass antivirus detection while installing keyloggers, you first need to understand how an antivirus works.

An antivirus uses a variety of strategies to detect malicious programs. The most common is signature-based detection: the antivirus keeps a database of signatures, which are sample code patterns taken from known malware. When a program is scanned, the antivirus compares its code against those known malicious patterns and reports whether the program is malicious or not.

Signature-based detection works well, but you need to update your antivirus regularly so that signatures for the latest malware are added to the database.

The other method an antivirus uses is heuristic-based detection, where a malicious program is identified by its suspicious behavior rather than by a known pattern. This approach can be helpful against new types of malware that have no signature yet.

Now that you know how antivirus software works, I will introduce you to some of the antivirus bypassing techniques hackers use to evade detection while installing a malicious program such as a Trojan or keylogger.

Crypters

Crypting is one of the most popular methods of evading antivirus because of its simplicity and because it does not require any prior knowledge of a programming language.

How Do Crypters Work?

A crypter is a small program that lets the attacker crypt the code of a Trojan or any other form of malware. It scrambles the contents of the file so that the file is no longer recognized. As explained above, an antivirus relies on signature-based detection, so once the crypter has scrambled the code, the known signature is no longer present when the antivirus scans the file, and the file is not detected.
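To make the two detection methods described above concrete, here is a toy scanner added as an illustration (it is not code from the original post and not a real antivirus engine). It matches a constructed signature database of hex byte patterns with `??` wildcards, and adds a simple entropy heuristic: a crypted payload no longer matches its signature, but the scrambled bytes look random, which is itself a red flag that a crypter or packer was used. The signature values and sample inputs are made up for the example.

```python
import math
import random
import re

# Constructed signature database (made-up values, not real AV signatures):
# hex byte patterns with "??" as a one-byte wildcard, the style many engines use.
SIGNATURES = {
    "Demo.Keylogger.A": "4d5a9000??????00504500",
    "Demo.Trojan.B": "deadbeef??cafe",
}

def _sig_to_regex(hexsig: str) -> re.Pattern:
    """Turn '4d5a??00' into a bytes regex: literal bytes, '??' -> any one byte."""
    parts = []
    for i in range(0, len(hexsig), 2):
        chunk = hexsig[i:i + 2]
        parts.append(b"." if chunk == "??" else re.escape(bytes.fromhex(chunk)))
    return re.compile(b"".join(parts), re.DOTALL)

_COMPILED = {name: _sig_to_regex(sig) for name, sig in SIGNATURES.items()}

def signature_scan(data: bytes) -> list:
    """Signature-based detection: report every known pattern found in the data."""
    return [name for name, rx in _COMPILED.items() if rx.search(data)]

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte; close to 8.0 means the bytes look random."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def heuristic_scan(data: bytes, threshold: float = 7.0) -> list:
    """Heuristic detection: a crypted payload matches no signature, but its
    scrambled bytes have very high entropy, which is itself suspicious."""
    return ["Heuristic.HighEntropy"] if shannon_entropy(data) > threshold else []

def constructed_samples() -> dict:
    """Constructed inputs (not real files): a plain sample carrying a known
    signature, and a 'crypted' one simulated with seeded random bytes."""
    plain = b"MZ\x90\x00\x03\x00\x00\x00PE\x00" + b"hello world " * 300
    crypted = random.Random(1).randbytes(4096)
    return {"plain": plain, "crypted": crypted}

if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(name, round(shannon_entropy(blob), 2),
              signature_scan(blob) + heuristic_scan(blob))
```

Running it shows the plain sample caught by its signature only, and the "crypted" sample caught by the entropy heuristic only, which is why real engines combine both methods.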

What is a FUD?

You might have heard of a “FUD Virus” or “FUD Trojan” and wondered what this “FUD” thing is. FUD stands for “Fully Undetectable”, which simply means a server, Trojan or virus that cannot be detected by an antivirus. A FUD server is very difficult to achieve; you are very lucky if you can find any binders or crypters out there that are FUD. Free crypters lose their effectiveness as antivirus vendors compose signatures for them, whereas paid crypters are said to be fully undetectable.

Here are some of the commonly used crypters:

Ultimate Crypter – Ultimate Crypter is one of the most commonly used crypters around. It may not be able to achieve a FUD server, but it has a very low detection rate. It has a paid version too, which claims to make the server FUD; however, I haven’t tried it.

Yoda’s Crypter – Yoda’s Crypter has a lower antivirus detection rate than Ultimate Crypter, has a user-friendly graphical interface and is very easy to use.

T3c4i3 Crypter – T3c4i3 Crypter used to be fully undetectable when I used it a couple of months ago, but now antiviruses have composed signatures for it. The way it works is that it crypts the source code of the program and assigns individual code within the code, and therefore antiviruses do not detect it.

There are lots of crypters available online; just google for them and you will find tons of them for free.

That covers how an antivirus works and how crypters are used to evade it. The next chapter will explain what binders are and how they are used.
