NOD32 misses exec-only malware?

Hey all,

Does anyone know much about the news report of NOD32 misses exec-only malware?

http://www.scmagazine.com.au/News/279302,nod32-misses-exec-only-malware.aspx

A security researcher has claimed that NOD32 anti-virus will not remove malware that has executable but not read or write permissions.

The researcher claimed NOD32 allowed malware "to run unimpeded" but the company did not respond to attempts to confirm the flaw.

Avast anti-virus was also affected although it later fixed the flaw after it was notified.

The researcher said Eset, which owns NOD32, did not respond when it was privately notified of the flaw.

"The vulnerability discussed here is that some antivirus software fail to perform their functions if the malware file is missing read, write or delete permissions," the researcher said. "They might not scan the file contents, not delete, or not disinfect it."

The anti-virus flaw was detected with NOD32 running on a virtualised Windows XP Professional SP3 using the Back Orifice 2000 server file (bo2k.exe) with file permissions set to only allow execution.

NOD32 versions 5.0.93.0, 5.0.94.0 and earlier, 4.2.71.2 and earlier and 4.0.x were reportedly affected.

 

Hey you

Hmmm.....interesting but more facts is needed

 

They are talking about this bug: http://seclists.org/bugtraq/2011/Nov/28 and that was fixed with Antivirus and Antispyware module 1329 that was released novemder 2nd.

 

Cited at this post

 

Thank you for the quick replies, its great to see the Australian media is on the ball