A new malware exploit works in a similar fashion to antivirus software, which lets it easily avoid detection by antivirus software.
It works the same way as an antivirus application does, by hooking directly into Windows, so it looks as if it’s harmless. It sends sample code to the operating system, as any antivirus application does, then swaps it out for malicious code at the last second, and that malicious code is then executed.
Since the size of the code required to run this malware attack is quite large, it wouldn’t be feasible for a quick download, which is how most malware is acquired. The worry for most researchers is that commonly downloaded software, such as Adobe Reader, could be intentionally infected. During installation, current antivirus software would not react until it was too late.
As this threat is currently theoretical, there’s no need to panic now. Antivirus companies have yet to respond to the potential threat, as blocking such software will require a reworking of how current antimalware software operates.
Detailed information about the exploit is available here.