iViZ, an information security company that offers "Green Cloud Security", has discovered new classes of vulnerabilities in many popular commercial and open source anti-virus software. The company states that these vulnerabilities can potentially allow attackers to gain access to systems using such antivirus software.
According to iViZ, an attacker can craft an e-mail with malicious code that can crash the vulnerable anti-virus and bypass the computer's local security solution.
The iViZ "Green Cloud Security" Vulnerability Research team , using a variety of "file fuzzing" techniques discovered abnormal behavior in several security tools -- especially when handling complex or unusual executable header data. Multiple bugs were found in antivirus software while processing malformed packed executables as well.
Some of these bugs proved to be security vulnerabilities, which could make the antivirus itself a back door for hackers.
The affected software included popular commercial and open source anti-virus software such as AVG, F-Secure (F-Prot), Sophos, ClamAV, BitDefender and Avast. It stated that the list could include other security-based software as well.
iViZ experts advised businesses to perform regular and periodic penetration testing as it can help them combat constantly evolving vulnerabilities and threats.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment