Tuesday, December 16, 2008

HACKERS USING ANTIVIRUS TO SNEAK INTO COMPUTERS

Subhro Niyogi, Kolkata
The Times of India

If you are using AVG, F-Secure (F-Prot), Sophos, ClamAV, BitDefender, Avast or any such easy-to-download antivirus software for your PC, it's time you sat up and took notice. An information security company set up by IIT Kharagpur engineers has found hackers using these antiviruses to break into the system.

"An attacker first crafts an email with malicious payload and sends it to the target user. When the email is scanned by the vulnerable antivirus software it either crashes the antivirus software or executes arbitrary code resulting in complete security bypass and remote system compromise," said iViZ vice-president (head of product management & marketing) Bala Girisaballa.

Home PCs apart, companies and businesses in banking, finance and insurance, IT/ITES and consulting, online retail, e-commerce, manufacturing, telecommunications and R&D are highly susceptible to such risks. If the antivirus crashes, it can even cause remote system compromise. Attackers can steal information or cause a 'denial of service' condition.

The company's vulnerability research team, which conducts extensive research on attack techniques and checks the robustness of applications and networks by trying to penetrate them periodically, discovered that several popular commercial and open source antivirus programs were vulnerable to attacks. Incidentally, iViZ's Green Cloud Security is the world's only on-demand penetration testing service for vulnerabilities.

Using a variety of file fuzzing techniques, the team discovered abnormal behaviour in several security tools when handling complex or unusual executable header data. In such cases, multiple bugs were found in the way antivirus software processes malformed packed executables. Some of these bugs proved to be security vulnerabilities that could turn the antivirus itself into a back door for hackers.

"We work with vendors to help them with details and in developing the solution. The vulnerability is disclosed in public only after coordinating with vendors and ensuring users' safety. The affected antivirus software vendors have been informed of the anomalous behaviour," said iViZ chief executive Bikash Barai. The antivirus companies have to provide the fix to end-users if the application is hacked.
