Anti Virus Software Vulnerabilities Exposed For The World To See
- By Grey McKenzie
- Published 05/5/2008
"We all kind of know antivirus is broken," said Kaminsky. Xue has been showing "how he can do some pretty simple stuff to AV code and the stuff just falls over. The interesting thing is how easy it is to reach."
For example, Xue explained how sending an infected file to someone produces a reply that specifies which antivirus product scanned it, which lets an attacker use an exploit tailored to that particular product, Kaminsky said.
Xue talked about how to exploit the vulnerabilities through Web pages, peer-to-peer and IM.

He also demonstrated some vulnerabilities in antivirus programs that he discovered using "fuzzing," a technique in which you try to make the program fail or crash, he said through an interpreter in a phone interview with CNET News.com.
He declined to name the vendor of antivirus software because the company was still working on a patch for the vulnerability.
Xue said he has also used reverse engineering and source-code auditing to find vulnerabilities in most of the top 20 antivirus products. His company is working to disclose the vulnerability information to the companies.
AV companies need to be aware that merely scanning potentially malicious files, which the software must do to learn whether they contain viruses, puts the AV software itself at risk, because the file can be written to attack the AV software, he said.
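The two points above, that the scanner's own parsers run on attacker-controlled bytes and that fuzzing is how such bugs are found, as an added example that is not from the article or from Xue's talk: a toy record parser of the kind an unpacker contains, once with a bug that bounds-checks the input but trusts the declared length for its fixed-size output buffer, once hardened, and a small mutation fuzzer that runs both over the same mutated inputs. The record format, the NAME_MAX limit and the PRNG seed are assumptions made for this example. The harness places canary bytes after the destination buffer, with enough slack for the largest input it feeds, so the overflow is observed without undefined behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy record format (constructed for this example): u16 little-endian
 * name_len followed by name_len bytes of name. A scanner's unpacker parses
 * fields like this from attacker-controlled files. */
#define NAME_MAX  16              /* fixed-size destination, as in a struct field */
#define MAX_INPUT 64              /* largest input the fuzzer will feed           */
#define SLACK     (MAX_INPUT + 1) /* canary area so an overflow stays observable  */

typedef int (*parser_fn)(const uint8_t *in, size_t in_len, char *out);

/* Vulnerable: checks that name_len fits the INPUT, then trusts it for the
 * OUTPUT. Any name_len >= NAME_MAX writes past a NAME_MAX-byte buffer. */
static int parse_name_vuln(const uint8_t *in, size_t in_len, char *out)
{
    if (in_len < 2) return -1;
    uint16_t n = (uint16_t)(in[0] | (in[1] << 8));
    if ((size_t)n + 2 > in_len) return -1;   /* input bounds only */
    memcpy(out, in + 2, n);                  /* overflow when n >= NAME_MAX */
    out[n] = '\0';
    return n;
}

/* Hardened: the declared length is validated against the destination
 * before anything is written, so a hostile file is rejected, not parsed. */
static int parse_name_safe(const uint8_t *in, size_t in_len, char *out)
{
    if (in_len < 2) return -1;
    uint16_t n = (uint16_t)(in[0] | (in[1] << 8));
    if ((size_t)n + 2 > in_len) return -1;
    if (n >= NAME_MAX) return -2;            /* reject before memcpy */
    memcpy(out, in + 2, n);
    out[n] = '\0';
    return n;
}

/* Seed input (constructed): name_len = 5, "hello". */
static const uint8_t SEED[] = { 5, 0, 'h', 'e', 'l', 'l', 'o' };

/* Deterministic LCG so a run is reproducible; the high bits are used. */
static uint32_t rng_state = 0x1234567u;
static uint32_t rnd(void)
{
    rng_state = rng_state * 1664525u + 1013904223u;
    return rng_state >> 16;
}

/* One mutation of the seed: random tail extension, then either an
 * "interesting" length value, a random length, or a single bit flip. */
static size_t mutate(uint8_t *buf)
{
    static const uint16_t interesting[] = { 0, 1, NAME_MAX - 1, NAME_MAX, NAME_MAX + 1, 0xFFFF };
    memcpy(buf, SEED, sizeof SEED);
    size_t len = sizeof SEED + rnd() % (MAX_INPUT - sizeof SEED + 1);
    for (size_t i = sizeof SEED; i < len; i++) buf[i] = (uint8_t)rnd();
    uint16_t n;
    switch (rnd() % 4) {
    case 0:  return len;                     /* length field untouched */
    case 1:  n = interesting[rnd() % 6]; break;
    case 2:  n = (uint16_t)(rnd() % 128); break;
    default: buf[rnd() % len] ^= (uint8_t)(1u << (rnd() % 8)); return len;
    }
    buf[0] = (uint8_t)n; buf[1] = (uint8_t)(n >> 8);
    return len;
}

/* Fuzz `parse` for `iterations` cases; returns how many cases wrote past
 * the NAME_MAX-byte destination (detected through the canary bytes). */
int fuzz_count_overflows(parser_fn parse, unsigned iterations)
{
    char *dst = malloc(NAME_MAX + SLACK);
    uint8_t buf[MAX_INPUT];
    int overflows = 0;
    rng_state = 0x1234567u;                  /* same cases for every parser */
    for (unsigned i = 0; i < iterations; i++) {
        size_t len = mutate(buf);
        memset(dst + NAME_MAX, 0xA5, SLACK);
        parse(buf, len, dst);
        for (size_t k = NAME_MAX; k < NAME_MAX + SLACK; k++)
            if ((uint8_t)dst[k] != 0xA5) { overflows++; break; }
    }
    free(dst);
    return overflows;
}

/* Sanity check: the well-formed seed must still parse to "hello". */
int parses_seed_ok(parser_fn parse)
{
    char out[NAME_MAX];
    return parse(SEED, sizeof SEED, out) == 5 && strcmp(out, "hello") == 0;
}

int main(void)
{
    printf("vulnerable parser: %d overflowing cases\n", fuzz_count_overflows(parse_name_vuln, 256));
    printf("hardened parser:   %d overflowing cases\n", fuzz_count_overflows(parse_name_safe, 256));
    return 0;
}
```

The harness is deliberately small: a real fuzzer would keep the inputs that reach new code and mutate those, but the failure mode is the same one the article describes, a length field the file controls and a buffer whose size the file does not.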
Others have found other holes in antivirus software and prompted vendors to fix the vulnerabilities.

Recently, a mail server in Denmark was compromised and data was stolen as a result of a zero-day exploit written to take advantage of an unpatched vulnerability in antivirus software, according to Xue.
Microsoft, which has struggled to protect Vista users against viruses, considers the threat serious and is likely gleaning knowledge for its own Windows Live OneCare antivirus efforts.
Meanwhile, two technologies in Vista, Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP), can help minimize the damage from an attack on a vulnerability in antivirus software, for example by crashing the program rather than allowing a server compromise, Xue said.
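Whether ASLR and DEP actually protect a given antivirus process depends on the binary opting in: on Vista, ASLR applies only to images linked with the DYNAMIC_BASE flag, and DEP for 32-bit processes depends on the system policy together with the image's NX_COMPAT flag. The following is an added example, not from the article: it reads those bits from the DllCharacteristics field of a PE header, checking every offset against the buffer length before use, since a header checker is itself a parser of untrusted input. It also reports HIGH_ENTROPY_VA, which goes beyond the article (it is a later, 64-bit ASLR flag, not a Vista feature). The header stub built by `build_pe_stub`, and the helper names, are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Mitigation bits reported by pe_mitigations(). */
#define MIT_ASLR         0x1   /* IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE    (0x0040) */
#define MIT_DEP          0x2   /* IMAGE_DLLCHARACTERISTICS_NX_COMPAT       (0x0100) */
#define MIT_HIGH_ENTROPY 0x4   /* IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA (0x0020) */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Parse just enough of a PE image (`len` bytes at `img`) to read
 * DllCharacteristics. Returns 0 and sets *flags, or -1 if the headers are
 * missing, truncated or inconsistent. Offsets are validated before use. */
int pe_mitigations(const uint8_t *img, size_t len, unsigned *flags)
{
    if (len < 0x40 || img[0] != 'M' || img[1] != 'Z') return -1;
    uint32_t pe_off = rd32(img + 0x3C);                 /* e_lfanew */
    /* need "PE\0\0" (4) + COFF header (20) + optional header through DllCharacteristics (72) */
    if (pe_off > len || len - pe_off < 4 + 20 + 72) return -1;
    const uint8_t *pe = img + pe_off;
    if (memcmp(pe, "PE\0\0", 4) != 0) return -1;
    uint16_t opt_size = rd16(pe + 4 + 16);              /* SizeOfOptionalHeader */
    if (opt_size < 72) return -1;
    const uint8_t *opt = pe + 4 + 20;
    uint16_t magic = rd16(opt);
    if (magic != 0x10B && magic != 0x20B) return -1;    /* PE32 or PE32+ */
    uint16_t dllchars = rd16(opt + 70);                 /* same offset in both formats */
    unsigned f = 0;
    if (dllchars & 0x0040) f |= MIT_ASLR;
    if (dllchars & 0x0100) f |= MIT_DEP;
    if (dllchars & 0x0020) f |= MIT_HIGH_ENTROPY;
    *flags = f;
    return 0;
}

/* Build a minimal header-only PE32 stub with the given DllCharacteristics
 * (constructed test input, not a runnable executable). Returns its length. */
size_t build_pe_stub(uint8_t *buf, size_t cap, uint16_t dllchars)
{
    const size_t total = 0x40 + 4 + 20 + 96;            /* 96-byte PE32 optional header, no data dirs */
    if (cap < total) return 0;
    memset(buf, 0, total);
    buf[0] = 'M'; buf[1] = 'Z';
    buf[0x3C] = 0x40;                                   /* e_lfanew = 0x40 */
    memcpy(buf + 0x40, "PE\0\0", 4);
    uint8_t *coff = buf + 0x44;
    coff[0] = 0x4C; coff[1] = 0x01;                     /* Machine = i386 */
    coff[16] = 96;  coff[17] = 0;                       /* SizeOfOptionalHeader */
    uint8_t *opt = buf + 0x58;
    opt[0] = 0x0B; opt[1] = 0x01;                       /* Magic = PE32 */
    opt[70] = (uint8_t)dllchars; opt[71] = (uint8_t)(dllchars >> 8);
    return total;
}

/* Helper: build a stub with `dllchars`, parse it, return its flags (~0u on error). */
unsigned stub_mitigations(uint16_t dllchars)
{
    uint8_t img[256];
    unsigned flags;
    size_t n = build_pe_stub(img, sizeof img, dllchars);
    return pe_mitigations(img, n, &flags) == 0 ? flags : ~0u;
}

/* Helper: parse a stub truncated to `len` bytes; returns pe_mitigations' status. */
int truncated_stub_status(size_t len)
{
    uint8_t img[256];
    unsigned flags;
    size_t n = build_pe_stub(img, sizeof img, 0x0140);
    return pe_mitigations(img, len < n ? len : n, &flags);
}

int main(void)
{
    unsigned flags = stub_mitigations(0x0140);          /* DYNAMIC_BASE | NX_COMPAT */
    printf("ASLR: %s  DEP: %s\n", (flags & MIT_ASLR) ? "yes" : "no", (flags & MIT_DEP) ? "yes" : "no");
    return 0;
}
```

To audit a real installation, read each scanner executable and service DLL into a buffer and pass it to `pe_mitigations`; a module without DYNAMIC_BASE is loaded at its preferred base even on Vista, which is exactly the predictability an exploit for a parsing bug relies on.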