Again and again and again… That’s what comes to my mind every time when I see a new variant of the Kavo family and, most recently, also the Hilot family. These malware samples are machine-generated and their authors can develop a “completely new” set of samples based on a simple change made to the generator itself. What’s the problem here? These changes are not random as we earlier thought, they’re precisely targeted against the most popular AV engines.
I’m really impressed how perfectly our user community works! A new web-based attack was discovered today and our users made a detailed analysis promptly and helped to clarify what’s going on there. What I’m talking about? And where’s the relation to the question in title? It is pretty simple :-).