Compressors / Packers

Compressors, or Packers are legitimate compression utilities which will compress (make smaller) Windows® program files - .EXE files. In a similar way to using a popular file compression utility such as WinZip before e-mailing, compressors do the same for executable files. However, unlike WinZiped files, which require to be decompressed before loading, compressed executables run in their new state. Because of this, the executable will pass through any anti-virus scanning engine because the virus signature has been modified and the anti-virus software will not recognize it.

There are many free and available compression utilities and these have been responsible for many of the Trojan variant programs and worms which have caused so much damage. Here are a few examples of common compressors, AS-pack, PECompact, Petite, PKLite, NeoLite, Shrinker and WWpack32.

With such compressed files being able to circumvent your anti-virus software, what options are available? According to one hackers site, "The only way to stop an executable from harming your PC is to run it in a proactive "sandbox" environment and monitor its behaviour for malicious activity in real-time."