Researcher Defeats AntiVirus Software with Exploit at Hacker Conference

HACKMIAMI.ORG – (Miami, FL) – HackMiami researcher Jason of n00bz.net revealed a 0day multi-vendor AntiVirus bypass vulnerability at the Hacker Halted conference in Miami last Thursday.

After disclosing the vulnerability to vendors and awaiting a patch release by McAfee, Jason presented the proof of concept methodology at the conference by successfully executing malicious code on target machines that were fully protected by anti-virus ‘resident shield’ software.

The principle behind the vulnerability is that although AV software is supposed to alert a user when malicious code is detected and block its execution, the tested AV products only detected the malicious code AFTER it had been executed and loaded into memory. This results in successful infection of the target machine using any known payload, such as a Zeus trojan.

The flaw resides in the way AV products deal with protocol handlers. A full write-up by Jason detailing proof of concept exploitation can be found here.

Vulnerable Anti-Virus Products

CVE-2010-3496 – McAfee – patch available
CVE-2010-3497 – Symantec/Norton – recommends purchasing additional Firewall software (this is like putting a band-aid on a severed limb)
CVE-2010-3498 – AVG – no reply from vendor
CVE-2010-3499 – F-Secure – working a fix into the next release
