But the bad guys didn’t exactly take this innovation laying down; rather, they responded with their own innovations. What they came up with is known as the “crypting” service, a service that has spawned an entire industry that I would argue is one of the most bustling and lucrative in the cybercrime underground today.
Put simply, a crypting service takes a bad guy’s piece of malware and scans it against all of the available antivirus tools on the market today — to see how many of them detect the code as malicious. The service then runs some custom encryption routines to obfuscate the malware so that it hardly resembles the piece of code that was detected as bad by most of the tools out there. And it repeats this scanning and crypting process in an iterative fashion until the malware is found to be completely undetectable by all of the antivirus tools on the market.