  1. #1

    Multiple AV Software Detection Vulnerability

    The problem is the scanning engine, and since this summer (when the test was done) some programs may have updated their scanning engine, but I do not know if this problem is solved. It does not seem like that. Now there is a proof of concept published.

    Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability through forged magic byte
    "The problem presents itself in the way various anti-virus software determines the type of file it is scanning. An attacker can exploit this vulnerability to pass malicious files past the anti-virus software. This results in a false sense of security, and ultimately could lead to the execution of arbitrary code on the victim user's machine."

    References:
    http://archives.neohapsis.com/archives/ful...05-10/0504.html
    http://www.securityfocus.com/bid/15189

    Argus
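
An added example, not part of the original posts or of any vendor's code: a defender-side triage check for the file-type confusion quoted above, flagging files whose leading bytes claim an executable format while the extension or the rest of the header disagrees. It uses the Windows executable magic `MZ` as the example value (an assumption; the posts do not say which bytes were forged), and the extension list, function names and sample bytes are constructed for illustration.

```python
import struct

# Assumption: extensions treated here as legitimately starting with "MZ".
PE_EXTENSIONS = {".exe", ".dll", ".scr", ".sys"}


def is_valid_pe(data: bytes) -> bool:
    """True only if the MZ header leads to a real PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of PE header
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def check_file(name: str, data: bytes) -> str:
    """Return 'ok', 'magic-extension-mismatch' or 'mz-without-pe'."""
    dot = name.rfind(".")
    ext = name[dot:].lower() if dot != -1 else ""
    if data[:2] != b"MZ":
        return "ok"  # no executable magic claimed; nothing to cross-check here
    if ext not in PE_EXTENSIONS:
        return "magic-extension-mismatch"  # header and name disagree on type
    if not is_valid_pe(data):
        return "mz-without-pe"  # magic present, structure absent (or legacy DOS)
    return "ok"


def sample_pe() -> bytes:
    """Constructed sample: 64-byte DOS header whose e_lfanew points at the PE signature."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    return bytes(hdr) + b"PE\x00\x00"


# Constructed inputs, not taken from any real file or from the advisory.
SAMPLES = {
    "setup.exe": sample_pe(),
    "readme.txt": b"plain text\n",
    "notes.txt": b"MZ" + b"plain text\n",
    "tool.exe": b"MZ" + b"\x00" * 0x50,
}


def scan(samples: dict) -> dict:
    return {name: check_file(name, data) for name, data in samples.items()}
```

A hit from this check is a reason to route the file to closer inspection or a second scanner, not a verdict on whether it is malicious.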

  2. #2
    Super Moderator jscher2000

    Re: Multiple AV Software Detection Vulnerability

    SecurityFocus reports:
    "Solution:
    Trend Micro PC-cillin 2006 is not affected by this issue. Please contact the vendor to obtain fixes."
    That's strange, 2006 is still in beta. I'm sure they aren't suggesting that lots of people run out and join a beta program...

    Well, it's a reminder to be careful with executables (whether EXE or BAT), and not rely on one's virus scanner to ensure that they are safe.

    And for extra protection, one can upload to VirusTotal (has a Flash animation) for a cross-check against other scanners. Obviously don't upload anything highly confidential!

    Update!! Two days later, PC-cillin 2006 is announced: North American site.
