Hackers Looking Hard For Anti-virus Software Vulnerabilities

Discussion in 'malware problems & news' started by ronjor, Jul 26, 2005.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
    Article
     
  2. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493
    Looks like signature based file scanners are about to be under attack.


     
  3. tom772

    tom772 Guest

    Thanks for keeping us all posted on current news, Ronjor - can't get any worse, can it!!?

    To be honest, along with some of the other news you have posted this week, is there ever going to be a time when people can feel safe online without worrying about security? (Internet 2 maybe?)

    take care T
     
  4. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, tom772

    Use someone else's computer. ;) [remotely, that's what I do, much cheaper. :D :D ]

    Take Care,
    TheQuest :cool:

    PS: I'm JOKING
     
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I feel perfectly safe online without worrying about security. You should too!

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  6. ---

    --- Guest

    After reading the article, I have come to the conclusion that it is security software as a whole that is coming under attack. People are trying to find flaws in them, much as they do for Windows, browsers, email clients etc.

    The examples given are for mainstream security software, which is naturally antivirus. But I have no reason to believe that security software based on other, non-signature-based methods is immune to exploits.

    In fact, given their nature, I think they are even more vulnerable than signature based file scanners.
     
  7. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493
    Why do you think behavior based software is more vulnerable than scanners? I am interested in hearing the weaknesses of using this method since everyone only talks about the strengths.



    Starrob
     
  8. diginsight

    diginsight Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    225
    Location:
    Netherlands
    There always have been AV vulnerabilities. Most notoriously in decompressing engines.

    I don't see a widespread exploit of these vulnerabilities for the following reasons:
    - Most AV engines automatically update themselves.
    - There's no generic AV. Everyone uses a different AV product.
    - AFAIK most vulnerabilities are of a DoS nature and not remotely exploitable.

    This could change when Microsoft launches or bundles its security suite :rolleyes:

    The article discusses fooling signature based scanning on file types and recursion in archive files. I don't know how they want to fool file types. Maybe by masking an executable as .doc, which usually passes through? Compressed file types remain the weak spot, see the My-Doom outbreak and the vulnerabilities in decompressing engines.

    If the AV industry can't address these weak spots, we can always consider quarantining or blocking compressed files.
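
The two weak spots raised in the post above, a file whose content does not match its name and archives nested inside archives, can be checked before a file reaches a decompression engine. The sketch below is an added example, not code from the thread or from any AV product; the limits, the extension table and the names `triage` and `make_zip` are assumptions, and the sample archives are constructed in memory.

```python
import io
import os
import zipfile

MAX_DEPTH = 3                        # assumed policy: archive layers opened before blocking
MAX_TOTAL_BYTES = 50 * 1024 * 1024   # assumed cap on declared uncompressed data per scan
ZIP_MAGIC = b"PK\x03\x04"
# Assumed table: extension -> leading bytes that file type should start with.
EXPECTED_MAGIC = {".doc": b"\xd0\xcf\x11\xe0", ".zip": ZIP_MAGIC, ".exe": b"MZ"}

def triage(name, data, depth=0, budget=None):
    """Return (path, finding) pairs for a file and everything nested inside it."""
    budget = [MAX_TOTAL_BYTES] if budget is None else budget  # shared across recursion
    findings = []
    ext = os.path.splitext(name)[1].lower()
    if data.startswith(b"MZ") and ext != ".exe":
        findings.append((name, "executable content under non-executable name"))
    elif ext in EXPECTED_MAGIC and not data.startswith(EXPECTED_MAGIC[ext]):
        findings.append((name, "content does not match extension"))
    if not data.startswith(ZIP_MAGIC):
        return findings
    if depth >= MAX_DEPTH:
        # Stop instead of recursing further: block rather than trust the rest.
        return findings + [(name, "archive nesting limit reached; quarantine")]
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                budget[0] -= info.file_size   # size declared in the archive directory
                if budget[0] < 0:
                    return findings + [(name, "uncompressed size budget exceeded; quarantine")]
                findings += triage(f"{name}/{info.filename}", zf.read(info), depth + 1, budget)
    except zipfile.BadZipFile:
        findings.append((name, "malformed archive; quarantine"))
    return findings

def make_zip(members):
    """Build a constructed sample archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for member_name, content in members.items():
            zf.writestr(member_name, content)
    return buf.getvalue()

if __name__ == "__main__":
    disguised = make_zip({"report.doc": b"MZ" + b"\x00" * 62})   # constructed, not a real binary
    nested = make_zip({"a.txt": b"x"})
    for _ in range(4):
        nested = make_zip({"inner.zip": nested})
    print(triage("invoice.zip", disguised))
    print(triage("outer.zip", nested))
```

Quarantining at the depth limit rather than skipping the remainder follows the post's fallback of blocking compressed files the scanner cannot fully inspect.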
     
  9. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493
    Thanks for the insight diginsight....Always love to learn new things.



    Starrob
     