Decoding the methods in malicious code is becoming more difficult, according to reverse-engineering experts. Attacks no longer scramble simple function names, but encrypt entire blocks of code. Attackers use obfuscation to make it harder to analyze malicious software and stymie security tools, such as intrusion-detection systems, from recognizing the attack. Initially, obfuscation merely scrambled the names of the functions being called by a program, complicating analysis of the binary code. As automated reverse engineering makes progress, however, malware authors are increasingly scrambling entire blocks of code and using better obfuscation techniques to make analysis and detection that much harder, the director of cybersecurity operations for SRA International said. Part of the problem is attackers are using so many different ways of getting onto systems, experts said. Attacks that use social engineering will use obfuscated Web addresses and code. Drive-by downloads, which infect people when they visit a Web site, will encrypt their payloads. And more direct measures aimed at servers will scramble the code to evade intrusion-detection systems, the director of product management at network security firm Stonesoft said.