
Anti-Virus Software now with Security Flaw

We rely on anti-virus software to protect us from the malicious programs of all kinds lurking online; however, cyber-criminals have been found turning such software to their own ends. They do so by misusing the AV programs' "retrieve from quarantine" option, which has been the case with several anti-virus products lately.

The vulnerability, which Austrian security auditor Florian Bogner uncovered, is named AVGater. Exploiting this loophole relocates a malicious program from the anti-virus quarantine folder to some vulnerable location on the victim's PC.

Bogner, who is affiliated with Kapsch, claims to have notified all anti-virus suppliers whose products had the flaw. A few vendors subsequently prepared and released updates that take care of the problem: Kaspersky, Ikarus, Emsisoft, ZoneAlarm, Trend Micro and Malwarebytes. Techspot.com posted this on November 13, 2017.

Although such exploits surface from time to time, that doesn't mean end-users shouldn't install anti-virus solutions, since they continue to be an extremely good means of keeping computers safe from malicious software and other problems.

Incidentally, this kind of attack poses the greatest risk to industrial computers. Hence, as the simplest way to plug the loophole, Bogner suggests deactivating the "restore from quarantine" option on industrial computers.

In a penetration test, Bogner used a typical phishing e-mail carrying malware to infect clients' computers. The anti-virus software, as expected, quarantines the malware; he then abuses the loophole in the software that lets unprivileged end-users retrieve the quarantined (that is, isolated) file. Next, Bogner manipulates the NTFS file junction point feature in Windows, which lets him move the quarantined malicious program into a privileged directory of his choosing, such as a folder inside C:\Windows or C:\Program Files. The same technique also exploits the Dynamic Link Library (DLL) search order, which lets the malware execute with full privileges.

Since AVGater can be used only if attackers can physically access a PC, Bogner advises users to keep their anti-virus software updated to ward off the vulnerability's impact and, for industrial PCs, to disable the "retrieve from quarantine" option.
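
The restore step described above trusts the recorded original path. As an added example (not from the article, Bogner, or any vendor's fix), this sketch refuses a restore when any path component is a symlink or NTFS reparse point, or when the resolved target lies in a privileged directory. `reparse_components`, `restore_decision` and `PROTECTED_DIRS` are hypothetical names, and the demo runs on a constructed temp tree with a symlink standing in for a junction.

```python
import os
import stat
import tempfile

# Privileged targets named in the article; the list itself is an assumption.
PROTECTED_DIRS = [r"C:\Windows", r"C:\Program Files"]

def reparse_components(path):
    """List existing components of path that are symlinks or NTFS reparse points."""
    hits, current = [], os.path.abspath(path)
    while True:
        try:
            st = os.lstat(current)  # lstat inspects the link itself, not its target
            attrs = getattr(st, "st_file_attributes", 0)  # populated only on Windows
            if stat.S_ISLNK(st.st_mode) or attrs & stat.FILE_ATTRIBUTE_REPARSE_POINT:
                hits.append(current)
        except OSError:
            pass  # component does not exist yet, so it cannot redirect anything
        parent = os.path.dirname(current)
        if parent == current:
            return hits  # ordered from the deepest component up to the root
        current = parent

def restore_decision(recorded_path, protected_dirs=PROTECTED_DIRS):
    """Return (allowed, reason) for restoring a quarantined file to recorded_path."""
    hits = reparse_components(recorded_path)
    if hits:
        return False, "reparse point in path: " + hits[0]
    resolved = os.path.normcase(os.path.realpath(recorded_path))
    for d in protected_dirs:
        root = os.path.normcase(os.path.realpath(d))
        if resolved == root or resolved.startswith(root.rstrip(os.sep) + os.sep):
            return False, "target inside privileged directory: " + d
    return True, "ok"

def demo():
    """Constructed fixture: an ordinary folder, then the same name as a link."""
    base = os.path.realpath(tempfile.mkdtemp())
    privileged, downloads = (os.path.join(base, n) for n in ("privileged", "downloads"))
    os.mkdir(privileged)
    os.mkdir(downloads)
    plain = restore_decision(os.path.join(downloads, "sample.dll"), [privileged])
    os.rmdir(downloads)
    os.symlink(privileged, downloads, target_is_directory=True)  # junction stand-in
    linked = restore_decision(os.path.join(downloads, "sample.dll"), [privileged])
    direct = restore_decision(os.path.join(privileged, "sample.dll"), [privileged])
    return plain, linked, direct

if __name__ == "__main__":
    print(demo())
```

The check is point-in-time: a path component swapped between the check and the write is not caught, so it complements the vendor updates rather than replacing them.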

» SPAMfighter News - 20-11-2017
