AV software from Symantec, AVG, Kaspersky Lab, Trend Micro, ESET, ESTSoft, Lookout, Zoner, Webroot, and Dr. Web was tested as part of an evaluation of mobile security software. Using a tool called DroidChameleon malware samples were transformed to generate new variants that contain the exact malicious functions as before. These new variants were then passed to the AV products, and much to the surprise of the paper’s authors, they were rarely flagged.
The paper said that the findings showed that all the anti-malware products evaluated are susceptible to common evasion techniques and may succumb to even trivial transformations not involving code-level changes. More than 43 per cent of the signatures used by the AV products are based on file names, checksums (or binary sequences) or information obtained by the PackageManager API.
Minor changes to a virus will render their protection useless for the most part.