Evasion bug bites virus shields (but NOT NOD32)

Discussion in 'NOD32 version 2 Forum' started by msanto, Nov 1, 2005.

Thread Status:
Not open for further replies.
  1. msanto

    msanto Registered Member

    Joined:
    Aug 12, 2004
    Posts:
    214
    Check out the link to the advisory. NOD32 is listed as NOT vulnerable.

    Evasion bug bites virus shields

    A flaw in several virus scanners could let a malicious file evade detection, a security researcher has warned. But some in the industry dispute that it's a security bug.

    By adding some data to a file, an attacker could trick virus scanners into letting a malicious executable file pass through, security researcher Andrey Bayora wrote in an advisory last week. The problem lies in the scanning engine, which won't detect files that have the extra data. Bayora refers to that extra data as the "Magic Byte."

    The problem affects numerous antivirus products, including software from Trend Micro, McAfee, Computer Associates and Kaspersky Lab, said Bayora, who works as a computer security consultant in Israel. His advisory also lists several products that are not affected, including software from Symantec, F-Secure and BitDefender.
    __________
    Read More / Source: News.com
     
  2. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
  3. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Cool! NOD32 has a nice AV. :)
     
Thread Status:
Not open for further replies.