Antivirus Software Can Provide Backdoor Entry to Hackers
Information security firm iViZ has explored new vulnerability classes in several well-known open-source and commercial antivirus products. It revealed that these flaws can allow cyber criminals to gain remote access to PCs running the affected antivirus software.
Bala Girisaballa, Vice President of iViZ, described how a hacker can attack an apparently patched PC by exploiting vulnerabilities in its antivirus software. First, the hacker sends an e-mail carrying malicious code to the targeted user. When the vulnerable antivirus software scans this e-mail, it either crashes or ends up executing illogical code. This lets the hacker bypass the security check, and consequently the PC gets hacked, as reported by MarketWatch on December 11, 2008.
Using various "file fuzzing" techniques, the research team at iViZ observed that many security tools behaved strangely, particularly when handling rare or complex executable header data. In addition, several bugs were discovered in the antivirus software while it processed executables carrying malicious code. Some of them were recognized as security vulnerabilities that could give hackers backdoor entry.
The affected software included Sophos, AVG, F-Secure (F-Prot), BitDefender, ClamAV and Avast. iViZ revealed that the list could also include certain other security software.
The firm said that the affected security vendors were made aware of the vulnerability details before public disclosure. Bikash Barai, Chief Executive Officer of iViZ, stated that the firm revealed these vulnerabilities publicly only after coordinating with the vendors and ensuring the safety of their users, as reported by The Financial Express on December 11, 2008.
Bikash added that the proof-of-concept exploits demonstrating such attacks were not released publicly. This was done to prevent cyber criminals from exploiting the research for malicious purposes.
Firms and businesses related to finance and insurance, banking, online retail, IT/ITES and consulting, manufacturing, e-commerce, telecom, media and R&D are highly prone to such risks. Consequently, they should adopt proper measures to ensure their security.
Experts at iViZ recommended that companies carry out regular penetration testing, which will help them fight the constantly emerging threats and vulnerabilities.
» SPAMfighter News - 23-12-2008