Home Code Snippets Oracle Reference Oracle Functions Oracle Error Codes Forum Oracle Jobs Oracle Blogs

Critical Flaw Found In Almost All Anti-Virus Software

From the Now-It's-Time-To-Panic department: The Register just published an article claiming that Matousec, a software security  testing service, has uncovered a relatively simple way to bypass nearly all antivirus software (McAfee, Trend Micro, AVG, BitDefender, and others).  The trick is based on sending non-malicious code to the antivirus driver hooks, and then swapping it out at the last moment for the malicious code. By doing this, the antivirus engine and detection systems can be completely bypassed.

The article notes, "As a result, the vast majority of malware protection offered for Windows PCs can be tricked into allowing malicious code that under normal conditions would be blocked." But wait, there's more!

The Register goes on to say, "The technique works even when Windows is running under an account with limited privileges," but "it can be carried out only when an attacker already has the ability to run a binary on the targeted PC."

In other words, it doesn't require doing anything that can't already be done by your run-of-the-mill browser expoits and malware payloads. And almost all anti-virus packages are vulnerable. Wonderful. It's not even Monday, and it's already looking like it's going to be a long week. Oh, and in case you want to know if your anti-virus software is on the list, the answer is probably, "yes":

3D EQSecure Professional Edition 4.2 VULNERABLE
avast! Internet Security 5.0.462 VULNERABLE
AVG Internet Security 9.0.791 VULNERABLE
Avira Premium Security Suite VULNERABLE
BitDefender Total Security 2010 VULNERABLE
Blink Professional 4.6.1 VULNERABLE
CA Internet Security Suite Plus 2010 VULNERABLE
Comodo Internet Security Free 4.0.138377.779 VULNERABLE
DefenseWall Personal Firewall 3.00 VULNERABLE
Dr.Web Security Space Pro VULNERABLE
F-Secure Internet Security 2010 10.00 build 246 VULNERABLE
Kaspersky Internet Security 2010 VULNERABLE
KingSoft Personal Firewall 9 Plus 2009.05.07.70 VULNERABLE
Malware Defender 2.6.0 VULNERABLE
McAfee Total Protection 2010 10.0.580 VULNERABLE
Norman Security Suite PRO 8.0 VULNERABLE
Norton Internet Security 2010 VULNERABLE
Online Armor Premium VULNERABLE
Online Solutions Security Suite 1.5.14905.0 VULNERABLE
Outpost Security Suite Pro VULNERABLE
Outpost Security Suite Pro 7.0.3330.505.1221 BETA VERSION VULNERABLE
Panda Internet Security 2010 15.01.00 VULNERABLE
PC Tools Firewall Plus VULNERABLE
PrivateFirewall VULNERABLE
Security Shield 2010 VULNERABLE
Sophos Endpoint Security and Control 9.0.5 VULNERABLE
Trend Micro Internet Security Pro 2010 17.50.1647.0000 VULNERABLE
Vba32 Personal VULNERABLE
VIPRE Antivirus Premium 4.0.3272 VULNERABLE
VirusBuster Internet Security Suite 3.2 VULNERABLE
Webroot Internet Security Essentials VULNERABLE
ZoneAlarm Extreme Security 9.1.507.000 VULNERABLE

In a word, "Uh-oh".

This entry was posted in Uncategorized and tagged , , . Bookmark the permalink. Follow any comments here with the RSS feed for this post. Post a comment or leave a trackback: Trackback URL.

Post a Comment

Your email is never published nor shared. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Spam Protection by WP-SpamFree