After years watching malware authors pack their poison into smaller and smaller packages, one forum frequented by those seeking help with virus infections says that they’re seeing just the opposite: simple malware wrapped within obscenely large executables – in one case, over 200 megabytes, according to a post on the French-language support forum Malekal.com.
According to Malekal, very large executables have been found in a string of infections reported to the site in recent days. The extra girth isn’t about added functionality, either. The 205 megabyte executable that was dropped would have zipped down to just 200K. So why go large? The current theory is that larger executables might be an effort to frustrate the real-time detection capabilities of modern AV clients, which grab new, suspicious files and send them (or a hash of the file) up to cloud-based servers that will generate a new signature for the malware. Alternatively, IT staff may submit suspicious files by e-mail to their antivirus provider’s lab. In both cases, very large executables might frustrate efforts to develop a signature and detect the new threat.
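The tell-tale property the article describes (a 205 MB file that zips to 200 KB) is easy to test for during triage: a large executable whose compressed size is a tiny fraction of its size on disk is almost all filler. The following is an added example, not code from the article or from Malekal.com; the sample "files" are constructed in memory (random bytes standing in for a small packed binary, padded with zeros), and the 1 MiB minimum size and 0.2 ratio threshold are assumptions to tune for your environment. It streams data through zlib so a multi-hundred-megabyte sample never has to be held twice in memory.

```python
import os
import zlib
from typing import Dict, Iterable, Tuple

CHUNK = 1 << 20  # 1 MiB read/compress chunk size


def compressibility(chunks: Iterable[bytes]) -> Tuple[int, int]:
    """Stream chunks through zlib and return (original_size, compressed_size).

    Streaming keeps memory usage flat regardless of how large the sample is.
    """
    comp = zlib.compressobj(level=6)
    original = compressed = 0
    for chunk in chunks:
        original += len(chunk)
        compressed += len(comp.compress(chunk))
    compressed += len(comp.flush())
    return original, compressed


def iter_chunks(data: bytes, size: int = CHUNK) -> Iterable[bytes]:
    """Yield an in-memory byte string in fixed-size pieces."""
    view = memoryview(data)
    for start in range(0, len(view), size):
        yield bytes(view[start:start + size])


def padding_verdict(original: int, compressed: int,
                    min_size: int = 1 << 20,      # assumed: ignore files under 1 MiB
                    max_ratio: float = 0.2) -> Dict[str, object]:
    """Flag files that are both large and almost entirely compressible.

    The article's 205 MB -> 200 KB case gives a ratio of roughly 0.001.
    Small files are ignored: low compressibility on a 100 KB file is normal.
    """
    ratio = compressed / original if original else 1.0
    return {
        "size": original,
        "compressed": compressed,
        "ratio": round(ratio, 4),
        "suspicious": original >= min_size and ratio <= max_ratio,
    }


def assess_bytes(data: bytes, **thresholds) -> Dict[str, object]:
    """Assess an in-memory sample."""
    return padding_verdict(*compressibility(iter_chunks(data)), **thresholds)


def assess_path(path: str, **thresholds) -> Dict[str, object]:
    """Assess a file on disk without reading it all at once."""
    with open(path, "rb") as fh:
        reader = iter(lambda: fh.read(CHUNK), b"")
        return padding_verdict(*compressibility(reader), **thresholds)


# Constructed samples (not real malware): ~200 KB of incompressible data standing
# in for a small packed executable, once padded out to 2 MiB with zero bytes and
# once left as 2 MiB of incompressible data for comparison.
PAYLOAD = os.urandom(200 * 1024)
PADDED_SAMPLE = PAYLOAD + b"\x00" * (2 * 1024 * 1024 - len(PAYLOAD))
ORDINARY_SAMPLE = os.urandom(2 * 1024 * 1024)

if __name__ == "__main__":
    for name, blob in (("padded", PADDED_SAMPLE), ("ordinary", ORDINARY_SAMPLE)):
        print(name, assess_bytes(blob))
```

The verdict is a triage signal, not a conviction: legitimate installers and self-extracting archives can also carry large, highly compressible regions, and the heuristic only catches low-entropy filler, so it belongs alongside size-based routing rules for sample submission rather than in place of them.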