NOD32 misses exec-only malware?

Discussion in 'ESET NOD32 Antivirus' started by ratm160, Nov 9, 2011.

Thread Status:
Not open for further replies.
  1. ratm160

    ratm160 Registered Member

    Joined:
    Mar 21, 2011
    Posts:
    3
    Hey all,

    Does anyone know much about the news report of NOD32 misses exec-only malware?

    http://www.scmagazine.com.au/News/279302,nod32-misses-exec-only-malware.aspx

    A security researcher has claimed that NOD32 anti-virus will not remove malware that has executable but not read or write permissions.

    The researcher claimed NOD32 allowed malware "to run unimpeded" but the company did not respond to attempts to confirm the flaw.

    Avast anti-virus was also affected although it later fixed the flaw after it was notified.

    The researcher said Eset, which owns NOD32, did not respond when it was privately notified of the flaw.

    "The vulnerability discussed here is that some antivirus software fail to perform their functions if the malware file is missing read, write or delete permissions," the researcher said. "They might not scan the file contents, not delete, or not disinfect it."

    The anti-virus flaw was detected with NOD32 running on a virtualised Windows XP Professional SP3 using the Back Orifice 2000 server file (bo2k.exe) with file permissions set to only allow execution.

    NOD32 versions 5.0.93.0, 5.0.94.0 and earlier, 4.2.71.2 and earlier and 4.0.x were reportedly affected.
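
The failure mode in the quoted report is a scanner that silently passes over a file it cannot read. The sketch below is an added example, not code from the researcher, ESET or Avast: it reports such files for review instead of skipping them. POSIX mode bits stand in for the NTFS permissions in the report, and the signature, file names and verdict labels are constructed for illustration.

```python
import os
import stat
import tempfile

# Constructed marker standing in for a detection signature (not real malware data).
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"

def scan_file(path):
    """Return 'clean', 'detected' or 'needs_review' for one file."""
    mode = os.stat(path).st_mode
    can_exec = mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)
    can_read = mode & (stat.S_IRUSR | stat.S_IRGRP | stat.S_IROTH)
    # Assumption: POSIX mode bits stand in for the NTFS permissions in the report.
    # Execute-only is flagged whether or not this process could still read the file.
    if can_exec and not can_read:
        return "needs_review"
    try:
        with open(path, "rb") as fh:
            data = fh.read()
    except PermissionError:
        # Fail closed: a file the scanner cannot read is a finding, not a skip.
        return "needs_review"
    return "detected" if SIGNATURE in data else "clean"

def audit_tree(root):
    """Scan every file under root and return {relative path: verdict}."""
    verdicts = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            verdicts[os.path.relpath(path, root)] = scan_file(path)
    return verdicts

def demo():
    """Build a constructed sample tree and audit it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "notes.txt": (b"plain text", 0o644),
            "flagged.bin": (b"xx" + SIGNATURE, 0o755),
            "exec_only.bin": (b"xx" + SIGNATURE, 0o111),
        }
        for name, (content, mode) in samples.items():
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(content)
            os.chmod(path, mode)
        return audit_tree(root)

if __name__ == "__main__":
    for name, verdict in sorted(demo().items()):
        print(f"{verdict:12} {name}")
```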
     
  2. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Hey you :)

    Hmmm.....interesting but more facts are needed :doubt:
     
  3. dmaasland

    dmaasland Registered Member

    Joined:
    Nov 10, 2010
    Posts:
    468
  4. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Cited at this post
     
  5. ratm160

    ratm160 Registered Member

    Joined:
    Mar 21, 2011
    Posts:
    3
    Thank you for the quick replies, it's great to see the Australian media is on the ball.
     