2005-10-29, 12:27 #1
Multiple AV Software Detection Vulnerability
The problem is the scanning engine, and since this summer (when the test was done) some programs may have updated their scanning engine, but I do not know if this problem is solved. It does not seem like that. Now there is a proof of concept published.
Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through forged magic byte
"The problem presents itself in the way various anti-virus software determines the type of file it is scanning. An attacker can exploit this vulnerability to pass malicious files past the anti-virus software. This results in a false sense of security, and ultimately could lead to the execution of arbitrary code on the victim user's machine."
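A defensive cross-check for the type-identification weakness quoted above, as an added example that is not part of the original posts or the advisory: it compares the type implied by the leading magic bytes with the type implied by the extension, validates the PE structure beyond the first two bytes, and scans the file under every plausible type. The signature table, function names and sample bytes are assumptions constructed for illustration.

```python
import os
import struct

# Well-known leading signatures; script/text formats have none.
MAGIC = {b"MZ": "pe", b"\x7fELF": "elf", b"PK\x03\x04": "zip", b"%PDF-": "pdf"}
EXT_TYPE = {".exe": "pe", ".dll": "pe", ".zip": "zip", ".pdf": "pdf",
            ".bat": "script", ".cmd": "script", ".vbs": "script", ".js": "script"}


def magic_type(data):
    """Type implied by the first bytes alone, or None."""
    for sig, name in MAGIC.items():
        if data.startswith(sig):
            return name
    return None


def is_wellformed_pe(data):
    """Beyond 'MZ': e_lfanew (offset 0x3C) must point at the 'PE\\0\\0' signature."""
    if len(data) < 0x40 or not data.startswith(b"MZ"):
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def assess(filename, data):
    """Return (types to scan the file as, findings). Never dispatch on magic alone."""
    by_ext = EXT_TYPE.get(os.path.splitext(filename)[1].lower())
    by_magic = magic_type(data)
    scan_as = {t for t in (by_ext, by_magic) if t}
    findings = []
    if by_ext and by_magic and by_ext != by_magic:
        findings.append("extension implies %s but magic bytes imply %s" % (by_ext, by_magic))
    if by_magic == "pe" and not is_wellformed_pe(data):
        findings.append("starts with MZ but has no valid PE header")
    return scan_as, findings


# Constructed samples (benign): a minimal PE-shaped header, and plain text
# whose first two bytes happen to be a binary signature.
REAL_PE = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
MISLABELED = b"MZ" + b"@echo off\r\necho hello\r\n"

if __name__ == "__main__":
    for name, blob in (("tool.exe", REAL_PE), ("hello.bat", MISLABELED)):
        print(name, assess(name, blob))
```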
2005-10-31, 18:42 #2
Re: Multiple AV Software Detection Vulnerability
SecurityFocus reports:
"Solution: Trend Micro PC-cillin 2006 is not affected by this issue. Please contact the vendor to obtain fixes."
That's strange, 2006 is still in beta. I'm sure they aren't suggesting that lots of people run out and join a beta program...
Well, it's a reminder to be careful with executables (whether EXE or BAT), and not rely on one's virus scanner to ensure that they are safe.
And for extra protection, one can upload to VirusTotal (has a Flash animation) for a cross-check against other scanners. Obviously don't upload anything highly confidential!
Update!! Two days later, PC-cillin 2006 is announced: North American site.