John Bartow
john at winhaven.net
Wed Oct 20 09:20:25 CDT 2004
FYI: From Internet Week.com

Anti-Virus Can Be Tricked By Hackers
By TechWeb News, InternetWeek
Oct 19, 2004 (7:00 PM)
URL: http://www.internetweek.com/story/showArticle.jhtml?articleID=50500905

The anti-virus detection engines of several big-name vendors, including McAfee and Computer Associates, can be fooled by hackers, a U.S.-based security intelligence firm warned Tuesday.

According to an advisory posted by iDefense, a Reston, Va.-based vulnerability intelligence provider, the bug could let hackers slip their malicious code past the anti-virus defenses thrown up by McAfee, Computer Associates, Kaspersky Labs, Sophos, Eset, and RAV. (The last in the list, RAV, is the anti-virus technology that Microsoft acquired in 2003.)

Attackers who craft ZIP files with modified header data can pass malicious payloads past these engines, said iDefense in the online warning. The problem exists both in .zip files created with WinZIP and Windows' own Compressed Folders feature.

"Most anti-virus engines have the ability to scan content packaged with compressed archives," wrote iDefense in the advisory. "As such, users with up-to-date anti-virus software are more likely to open attachments and files if they are under the false impression that the archive was already scanned and found to not contain a virus."

The most current AV engines of the six vendors are all vulnerable, said iDefense, and it pointed to updates and/or comments from some of the half-dozen on its Web site.

iDefense also confirmed that the latest AV engines from rivals Symantec, Bitdefender, Trend Micro, and Panda are not vulnerable to this exploitation avenue.
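
An added example, not part of the article, the advisory or any vendor's code: one check a scanner or mail gateway can apply to archives with modified header data is to stop trusting the declared metadata and compare it against the second copy in the central directory and against the decompressed bytes. The article does not say which header fields are modified, so this sketch assumes the method, size and CRC fields; `audit_zip`, `build_samples` and `MAX_OUT` are hypothetical names, and ZIP64 and encrypted members are not handled.

```python
import io, struct, zipfile, zlib
MAX_OUT = 1 << 20  # per-member decompression cap (assumed value for this example)

def audit_zip(data):
    """Return (member, issue) pairs where ZIP metadata disagrees with itself or the data."""
    out = []
    eocd = data.rfind(b"PK\x05\x06")
    if eocd < 0:
        return [("", "no end-of-central-directory record")]
    count, _size, pos = struct.unpack_from("<HII", data, eocd + 10)
    for _ in range(count):
        if data[pos:pos + 4] != b"PK\x01\x02":
            return out + [("", "bad central directory entry")]
        method, _, _, crc, csize, usize, nlen, xlen, clen = struct.unpack_from("<HHHIIIHHH", data, pos + 10)
        (lho,) = struct.unpack_from("<I", data, pos + 42)
        name = data[pos + 46:pos + 46 + nlen].decode("cp437")
        pos += 46 + nlen + xlen + clen
        if data[lho:lho + 4] != b"PK\x03\x04":
            out.append((name, "bad local header"))
            continue
        flags, lmethod, _, _, lcrc, lcsize, lusize, lnlen, lxlen = struct.unpack_from("<HHHHIIIHH", data, lho + 6)
        # Flag bit 3: sizes/CRC sit in a trailing data descriptor, so local zeros are legitimate.
        if not flags & 0x08 and (lmethod, lcrc, lcsize, lusize) != (method, crc, csize, usize):
            out.append((name, "local header disagrees with central directory"))
        if method not in (0, 8):
            out.append((name, "unsupported method, content not verified"))
            continue
        start = lho + 30 + lnlen + lxlen
        raw = data[start:start + csize]
        try:
            body = raw if method == 0 else zlib.decompressobj(-15).decompress(raw, MAX_OUT + 1)
        except zlib.error:
            out.append((name, "compressed data does not decode"))
            continue
        if len(body) != usize or zlib.crc32(body) != crc:
            out.append((name, "declared size or CRC differs from actual data"))
    return out

def build_samples():
    """Constructed inputs: a clean archive and a copy with one altered size field."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("note.txt", b"constructed sample content " * 4)
    clean = buf.getvalue()
    altered = bytearray(clean)
    struct.pack_into("<I", altered, 22, 1)  # local header uncompressed-size field
    return clean, bytes(altered)

if __name__ == "__main__":
    print([audit_zip(b) for b in build_samples()])
```

Any finding is a reason to treat the archive as unscanned rather than clean, since the scanner and the tool that later extracts the file may read different fields.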