We just presented our PolyPack research today at the USENIX Workshop on Offensive Technologies (WOOT '09) in Montreal, Canada. Links to the paper and presentation materials are after the jump.
From the PolyPack website:
"PolyPack is a research project at the University of Michigan aimed at understanding the impact of malware packers on modern antivirus products. PolyPack highlights the failure of signature-based antivirus against common, widely available packers, investigates the role that diversity plays in the capabilities of both the packers and antivirus engines, and demonstrates the ease and efficacy with which an attacker could deploy an online packing service for nefarious purposes in a deployment model known as crimeware-as-a-service (CaaS).
The PolyPack web service uses an array of packers and antivirus engines to evaluate the effect that each packer has on the detection capabilities of the antivirus engines. Our current implementation employs 10 of the most common packers observed in the wild and 10 popular antivirus engines. A submitted binary is packed by each of the 10 packers and then analyzed by each of the 10 antivirus engines. The details of a few example results are available to the public."
PolyPack has caused some interesting debate between antivirus vendors  and members of the security community [1, 2, 3] on the ethics of publishing research that demonstrates the failure of current signature-based antivirus products. As ethics can be quite subjective, I would recommend to the reader that they observe the arguments on both sides of the aisle, view the paper and materials on the PolyPack website (the actual service is restricted from public use, of course), and make a decision for themselves.
If you're a penetration tester or researcher and would like access to the PolyPack service, drop me a line.