Your antivirus software is vulnerable to a new attack

Security researchers say they have found a method to bypass protections built into dozens of the most popular desktop antivirus products, including those offered by McAfee, Trend Micro, AVG, and BitDefender.

The method, developed by software security researchers at matousec.com, works by exploiting the driver hooks of the antivirus programs buried deep inside the Windows operating system.

Most antivirus applications use a system called the System Service Descriptor Table (SSDT) to interact with Windows. The new exploit is so effective that virtually all antivirus software has failed to detect it.

| Product name and version | Result |
|---|---|
| 3D EQSecure Professional Edition 4.2 | VULNERABLE |
| avast! Internet Security 5.0.462 | VULNERABLE |
| AVG Internet Security 9.0.791 | VULNERABLE |
| Avira Premium Security Suite 10.0.0.536 | VULNERABLE |
| BitDefender Total Security 2010 13.0.20.347 | VULNERABLE |
| Blink Professional 4.6.1 | VULNERABLE |
| CA Internet Security Suite Plus 2010 6.0.0.272 | VULNERABLE |
| Comodo Internet Security Free 4.0.138377.779 | VULNERABLE |
| DefenseWall Personal Firewall 3.00 | VULNERABLE |
| Dr.Web Security Space Pro 6.0.0.03100 | VULNERABLE |
| ESET Smart Security 4.2.35.3 | VULNERABLE |
| F-Secure Internet Security 2010 10.00 build 246 | VULNERABLE |
| G DATA TotalCare 2010 | VULNERABLE |
| Kaspersky Internet Security 2010 9.0.0.736 | VULNERABLE |
| KingSoft Personal Firewall 9 Plus 2009.05.07.70 | VULNERABLE |
| Malware Defender 2.6.0 | VULNERABLE |
| McAfee Total Protection 2010 10.0.580 | VULNERABLE |
| Norman Security Suite PRO 8.0 | VULNERABLE |
| Norton Internet Security 2010 17.5.0.127 | VULNERABLE |
| Online Armor Premium 4.0.0.35 | VULNERABLE |
| Online Solutions Security Suite 1.5.14905.0 | VULNERABLE |
| Outpost Security Suite Pro 6.7.3.3063.452.0726 | VULNERABLE |
| Outpost Security Suite Pro 7.0.3330.505.1221 BETA VERSION | VULNERABLE |
| Panda Internet Security 2010 15.01.00 | VULNERABLE |
| PC Tools Firewall Plus 6.0.0.88 | VULNERABLE |
| PrivateFirewall 7.0.20.37 | VULNERABLE |
| Security Shield 2010 13.0.16.313 | VULNERABLE |
| Sophos Endpoint Security and Control 9.0.5 | VULNERABLE |
| ThreatFire 4.7.0.17 | VULNERABLE |
| Trend Micro Internet Security Pro 2010 17.50.1647.0000 | VULNERABLE |
| Vba32 Personal 3.12.12.4 | VULNERABLE |
| VIPRE Antivirus Premium 4.0.3272 | VULNERABLE |
| VirusBuster Internet Security Suite 3.2 | VULNERABLE |
| Webroot Internet Security Essentials 6.1.0.145 | VULNERABLE |
| ZoneAlarm Extreme Security 9.1.507.000 | VULNERABLE |

The good news is that the code needed for this method is large, so it cannot be delivered as a quick download, which makes the attack unrealistic. However, attackers could use it as part of a software download, for example Adobe Reader.

For the moment the attack is only theoretical, and there have been no reports of it in the real world at the time of writing. The antivirus companies have also not yet responded.

That was scary! Is it also applicable in iPad and iPhone applications?