Hackers using anti-virus to sneak into computers

The enemy gets more and more sophisticated

by Michael Smith

Anyone who is using AVG, F-Secure (F-Prot), Sophos, ClamAV, BitDefender, Avast or any such easy-to-download anti-virus software for their PC had better sit up and take notice, according to information from India.

An information security company set up by IIT Kharagpur engineers has found that hackers have begun using, and are able to use, these anti-virus programs to break into the system.

"An attacker first crafts an email with malicious payload and sends it to the target user. When the email is scanned by vulnerable anti-virus software this malicious payload either crashes the anti-virus software or executes arbitrary code resulting in complete security bypass and remote system compromise," said iViZ vice-president (head of product management & marketing) Bala Girisaballa.

Home PCs apart, companies and businesses in banking, finance and insurance, IT/ITES and consulting, online retail, e-commerce, manufacturing, telecommunications and R&D are highly susceptible to such risks. If the anti-virus crashes, it can even lead to remote system compromise. Attackers can steal information or cause a 'denial of service' condition.

The company's vulnerability research team, which conducts extensive research on attack techniques and periodically checks the robustness of applications and networks by trying to penetrate them, discovered that several popular commercial and open source anti-virus products were vulnerable to attack. Incidentally, iViZ's Green Cloud Security is the world's only on-demand penetration testing service for finding vulnerabilities.

Using a variety of file fuzzing techniques, the team discovered abnormal behaviour in several security tools when handling complex or unusual executable header data. Multiple bugs were found in anti-virus software while it processed malformed packed executables. Some of these bugs proved to be security vulnerabilities that could turn the anti-virus itself into a back door for hackers.
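As an added illustration (not code from the article or from iViZ), the parser below shows the kind of bounds checking a scanner needs before trusting the header fields of a packed executable: every offset and length read from the file is validated against the real file size, so a fuzzed header is reported as malformed instead of being dereferenced. The minimal PE it builds is constructed for the demo, and the 96-section limit is the Windows loader's, borrowed here as a sanity bound.

```python
import struct

SECTION_FMT = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes
MAX_SECTIONS = 96              # the Windows loader refuses more; a scanner should too

class MalformedPE(ValueError):
    """Header inconsistency: fail closed with a diagnosis instead of crashing."""

def parse_pe_sections(data: bytes) -> list:
    """Return (name, raw_offset, raw_size) per section, validating offsets first."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise MalformedPE("missing or truncated DOS header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data):           # "PE\0\0" (4) + COFF header (20)
        raise MalformedPE(f"e_lfanew {e_lfanew:#x} points outside the file")
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise MalformedPE("bad PE signature")
    n_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    if n_sections > MAX_SECTIONS:
        raise MalformedPE(f"NumberOfSections={n_sections} exceeds {MAX_SECTIONS}")
    table = e_lfanew + 24 + opt_size
    if table + n_sections * 40 > len(data):
        raise MalformedPE("section table runs past end of file")
    sections = []
    for i in range(n_sections):
        f = struct.unpack_from(SECTION_FMT, data, table + i * 40)
        name, raw_size, raw_ptr = f[0].rstrip(b"\0").decode("latin-1"), f[3], f[4]
        # In C, raw_ptr + raw_size can wrap around 32 bits: subtract, never add.
        if raw_ptr > len(data) or raw_size > len(data) - raw_ptr:
            raise MalformedPE(f"section {name!r} data {raw_ptr:#x}+{raw_size:#x} exceeds file")
        sections.append((name, raw_ptr, raw_size))
    return sections

def build_pe(e_lfanew=0x40, n_sections=1, raw_size=16) -> bytes:
    """Constructed minimal PE (not a real binary, no optional header) for the demo;
    the keyword arguments inject the kind of malformations fuzzers produce."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, n_sections, 0, 0, 0, 0, 0x102)
    sect = struct.pack(SECTION_FMT, b".text", 16, 0x1000, raw_size, 0x80, 0, 0, 0, 0, 0x60000020)
    body = dos + coff + sect
    return body + b"\0" * (0x80 - len(body)) + b"\x90" * 16   # constructed payload bytes

def is_rejected(**kw) -> bool:
    """True when the constructed variant is refused with MalformedPE rather than parsed."""
    try:
        parse_pe_sections(build_pe(**kw))
    except MalformedPE:
        return True
    return False
```

`parse_pe_sections(build_pe())` yields `[('.text', 128, 16)]`, while `is_rejected(e_lfanew=0xFFFFFFF0)`, `is_rejected(n_sections=0xFFFF)` and `is_rejected(raw_size=0x7FFFFFFF)` each return True: the same header fields a fuzzer mutates, refused before any read goes out of bounds.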

"We work with vendors to help them with details and in developing the solution. The vulnerability is disclosed in public only after coordinating with vendors and ensuring users' safety. The affected anti-virus software vendors have been informed of the anomalous behavior," said iViZ chief executive Bikash Barai. The anti-virus companies have to provide the fix to end-users if the application is hacked.

iViZ has developed the world's first artificial-intelligence-based 'human hacker simulation' technology to find all possible attack paths by which intruders can compromise applications and networks. The technology has won recognition from Intel, University of California, Berkeley, London Business School, US Navy, US Homeland Security, Red Herring and Nasscom.

Acknowledging that applications like anti-virus software were becoming increasingly vulnerable, Digital Security Council of India CEO Kamlesh Bajaj felt that not enough attention was being paid to secure coding practices.

Let us hope that especially those who write anti-virus and general anti-malware software take heed here and do some rethinking of their coding practices.

Also, I would always suggest that one does not rely on just one application to secure one's PC or system, but that one has a variety of anti-malware software running.

While it is more often than not inadvisable to run more than one anti-virus program, there are some that do not interfere with the running of others and can provide a real top level of protection. Remember, though, that there is no such thing as 100% security.

One of those that I have found works extremely well in conjunction with others is ThreatFire from PC Tools. It is a combination of various tools that, at the highest security setting, while a pain in the behind for some users, I am sure, can provide real added protection.

In my experience, that program, combined with others, all updated several times daily, seems to be keeping my system clean. However, they also suck resources, that is for sure.

However, if you want the best security when surfing, then you may have to accept that your system will be a little slower than some others. It is a question of security versus speed, and when it comes to that question, security, with me at least, always wins.

Those who can and want to, I would advise to change their operating system from Microsoft Windows to one or other Linux distribution. This is not to say that Linux could never be hacked or attacked; only that there are very few viruses out there that work on Linux, and also that Linux works differently to Windows.

The choice is there...

© M Smith (Veshengro), January 2009