What if... nod32.com will be hijacked?

Discussion in 'NOD32 version 2 Forum' started by user67, Sep 14, 2004.

Thread Status:
Not open for further replies.
  1. user67

    user67 Guest

    What will happen when nod32.com domain will be hijacked?

    I talk about this theoretically but it is quite important.

    For example someone successfully hijacked nod32.com domain (it is possible - read about recent hijacked google.de and ebay.de). Attacker make fake update.ver pointing to his fake update files. Users will download fake updates and AV will be screaming with tons of false positives or worse new AV code will be executed in kernel context...

    Any comments?
     
  2. bsilva

    bsilva Registered Member

    Joined:
    Mar 24, 2004
    Posts:
    238
    Location:
    MA, USA
    What if the sky fell tomorrow?
    What if it rained acid tomorrow?
    What if the earth blew up?

    What if the same thing happened to microsoft's website and you thought you were downloading a patch. I'm sure that they would take all precautions, but it can happen.
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Update files are digitally signed, NOD wouldn't update at all in such case.
     
  4. bsilva

    bsilva Registered Member

    Joined:
    Mar 24, 2004
    Posts:
    238
    Location:
    MA, USA
    I guess that's a better response than mine. :)
     
  5. user67

    user67 Guest

    Thank you for answer.

    I think that ESET should also sign update.ver file. It contains sensitive information which could cause Denial of Service. After changing version, URL of update files and size of these files to something really big - AV could use all network resources to download these files and at the end of downloading there will be sign mismatch and the process will start over.
     
  6. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Very nice to know, thank you Marcos :D

    Cheers :D
     
  7. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    LOL, I did like yours though :D

    Cheers :D
     
Thread Status:
Not open for further replies.