[dba-Tech] FYI: Anti-Virus Can Be Tricked By Hackers

John Bartow john at winhaven.net
Wed Oct 20 09:20:25 CDT 2004


FYI: From Internet Week.com

Anti-Virus Can Be Tricked By Hackers

By TechWeb News, InternetWeek
Oct 19, 2004 (7:00 PM)
URL: http://www.internetweek.com/story/showArticle.jhtml?articleID=50500905

The anti-virus detection engines of several big-name vendors, including
McAfee and Computer Associates, can be fooled by hackers, a U.S.-based
security intelligence firm warned Tuesday.

According to an advisory posted by iDefense, a Reston, Va.-based
vulnerability intelligence provider, the bug could let hackers slip their
malicious code past the anti-virus defenses thrown up by McAfee, Computer
Associates, Kaspersky Labs, Sophos, Eset, and RAV. (The last in the list,
RAV, is the anti-virus technology that Microsoft acquired in 2003.)


Attackers who craft ZIP files with modified header data can pass malicious
payloads past these engines, said iDefense in the online warning. The
problem exists both in .zip files created with WinZIP and Windows' own
Compressed Folders feature.


"Most anti-virus engines have the ability to scan content packaged with
compressed archives," wrote iDefense in the advisory. "As such, users with
up-to-date anti-virus software are more likely to open attachments and files
if they are under the false impression that the archive was already scanned
and found to not contain a virus."


The most current AV engines of the six vendors are all vulnerable, said
iDefense, and it pointed to updates and/or comments from some of the
half-dozen on its Web site.


iDefense also confirmed that the latest AV engines from rivals Symantec,
Bitdefender, Trend Micro, and Panda are not vulnerable to this exploitation
avenue.
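As an added illustration of the kind of check a defender can run against the header inconsistency the advisory describes (example code written for this page, not from iDefense or any of the named vendors): it assumes the manipulation shows up as a disagreement between an entry's local file header and the central directory, which the article does not specify, and builds its own harmless sample archive to test against.

```python
import io
import struct
import zipfile

LOCAL_HDR = struct.Struct("<4sHHHHHIIIHH")   # fixed 30-byte local file header
LOCAL_SIG = b"PK\x03\x04"

def check_zip_consistency(data: bytes) -> list:
    """Compare each central-directory entry with its local file header and
    return one finding per field on which the two structures disagree."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:   # parses central dir only
        for info in zf.infolist():
            off = info.header_offset
            raw = data[off:off + LOCAL_HDR.size]
            if len(raw) < LOCAL_HDR.size or raw[:4] != LOCAL_SIG:
                findings.append(f"{info.filename}: missing/bad local header")
                continue
            (_s, _v, flags, method, _t, _d, crc, csize, usize,
             nlen, _x) = LOCAL_HDR.unpack(raw)
            enc = "utf-8" if flags & 0x800 else "cp437"
            name = data[off + 30:off + 30 + nlen].decode(enc, "replace")
            pairs = {"name": (name, info.filename),
                     "method": (method, info.compress_type)}
            if not flags & 0x08:   # bit 3: sizes/CRC deferred to data descriptor
                pairs.update(crc=(crc, info.CRC),
                             compressed_size=(csize, info.compress_size),
                             uncompressed_size=(usize, info.file_size))
            for field, (local, central) in pairs.items():
                if local != central:
                    findings.append(f"{info.filename}: {field} "
                                    f"local={local} central={central}")
    return findings

def build_sample_zip() -> bytes:
    """Constructed, harmless sample archive (not taken from the advisory)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("notes.txt", b"constructed sample text\n" * 8)
    return buf.getvalue()

def desync_local_sizes(data: bytes) -> bytes:
    """Test fixture: zero the size fields of the first local header only, so
    local header and central directory no longer agree."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        off = zf.infolist()[0].header_offset
    buf = bytearray(data)
    struct.pack_into("<II", buf, off + 18, 0, 0)   # compressed, uncompressed
    return bytes(buf)
```

A clean archive yields no findings; the desynchronised copy reports the compressed and uncompressed size mismatches, which is the signal a scanner or mail gateway can treat as a reason to quarantine rather than trust the archive.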