SecurityFocus 2008-08-09
The modification of actual malicious code to bypass antivirus has not pleased many security-software vendors.
"Is it not enough that malefactors of the world are writing and distributing new Malware every day?" antivirus firm Sophos stated in an April blog post. "Or that identity and credit fraud are becoming more popular criminal endeavors? Now, pseudo-benevolent coders are being challenged to add to the quagmire of nasties under the guise of promoting more widespread and generic detection."
Howard argued that he addressed the main concerns of antivirus companies. The network on which the contest took place was closed and not connected to the Internet to avoid any inadvertent leak of code.
"They are scared of the samples being released in the wild," he said. "All samples will be submitted to the antivirus vendors with the name of the team who created it, so if one is released, they will know which team it came from."
The lesson for the participating teams appeared to be that creating obfuscated viruses to get by antivirus software was not too difficult -- if you can get one past all the scanners, you can get all of them past the scanners, said the team of researchers from VeriSign subsidiary iDefense that completed the contest.
"That's what the bad guys do," said Matt Richard, director of rapid response for iDefense. "They find a packer that works and then use it for everything."
Richard and his two co-workers completed the contest in a little over five hours. He argued that the contest is valuable because it teaches the researchers to appreciate the enemy.
"Sometimes you have to write stuff in order to find out how the bad guy would do it," Richard said. "They are doing the same thing we did here, but sitting at home."
For contest organizer Howard, the lesson was less for the antivirus industry and more for companies and home users. He hopes that any coverage of the contest will deliver a message to antivirus users.
"If Mom and Dad read an article and go into their antivirus settings and turn on the behavioral features, then it is all worth it," he said.
