Your antivirus can be the cause of malware on your computer



Saturday, 18 November 2017


Do you know how malware ends up on your computer? Strange as it may seem, the cause can be your antivirus. Antivirus programs are supposed to keep us safe from the malware circulating on the network, but attackers have always been known to turn any software to their own purposes. The latest example of this practice abuses the "restore from quarantine" function present in multiple antivirus products.

Malware delivered by an antivirus?

Florian Bogner, a security auditor based in Austria, discovered the vulnerability and named it AVGater. It essentially works by relocating malware from an antivirus quarantine folder to a sensitive location on the victim's system.

Bogner, who works for Kapsch, says he has notified the vendors of all antivirus programs that contained this bug. Some of them have published updates that address the problem, including Emsisoft, Ikarus, Kaspersky, Malwarebytes, Trend Micro and ZoneAlarm.

Your antivirus can be the cause of malware on your system

While performing penetration tests, Bogner infected the client's PCs using a traditional phishing email technique. The malware would be quarantined by the antivirus program, and he would then take advantage of software vulnerabilities that allowed quarantined files to be restored.

Abusing a Windows feature called an NTFS junction point (directory junction) allows the restored file to be redirected to a privileged directory of the attacker's choice, such as a folder within C:\Program Files or C:\Windows. The method also abuses the Dynamic Link Library (DLL) search order. The malware could then run with full privileges.

The most significant limitation of AVGater is that it requires attackers to have physical access to a machine, but this could be a big problem in environments where computers are shared.

Bogner says that the best way to prevent AVGater from affecting you is to keep your antivirus programs updated, which is always good advice. For corporate users, he suggests removing the ability to restore files from quarantine.
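As a complementary defender-side check (an added example, not from the original article or from Bogner's research), the Python sketch below flags directory junctions that sit in user-writable locations but point into the privileged trees named above. The record format, the `USER_WRITABLE` list and all sample paths are assumptions constructed for illustration; the inventory of junctions would come from whatever endpoint tooling you already use.

```python
import ntpath

# Privileged locations named in the article; "(x86)" is added here for 64-bit Windows.
PROTECTED = [r"C:\Windows", r"C:\Program Files", r"C:\Program Files (x86)"]
# Assumption: where a standard user may create directories on this fleet.
USER_WRITABLE = [r"C:\Users", r"C:\Temp"]

def canon(path):
    """Canonical form for comparison: no NT prefix, no '..', lower case."""
    for prefix in ("\\??\\", "\\\\?\\"):
        if path.startswith(prefix):
            path = path[len(prefix):]
    return ntpath.normcase(ntpath.normpath(path))

def is_under(path, root):
    """True if path is root itself or lies below it (whole components only)."""
    p, r = canon(path), canon(root)
    return p == r or p.startswith(r + "\\")

def risky_junctions(records):
    """Return link paths a user could create that redirect into a protected tree."""
    hits = []
    for rec in records:
        in_user_area = any(is_under(rec["link"], w) for w in USER_WRITABLE)
        into_protected = any(is_under(rec["target"], p) for p in PROTECTED)
        if in_user_area and into_protected:
            hits.append(rec["link"])
    return hits

# Constructed sample inventory (hypothetical paths, not real data).
SAMPLE = [
    # Reparse targets are often stored with the NT "\??\" prefix.
    {"link": r"C:\Users\alice\AppData\Local\Temp\stage", "target": r"\??\C:\Program Files\ExampleApp"},
    # Windows paths are case-insensitive.
    {"link": r"C:\Users\bob\Documents\win", "target": r"c:\WINDOWS\system32"},
    # Benign: junction between two user folders.
    {"link": r"C:\Users\carol\projects\cur", "target": r"C:\Users\carol\projects\v2"},
    # Benign: "Program FilesX" only shares a string prefix with a protected tree.
    {"link": r"C:\Users\dave\x", "target": r"C:\Program FilesX\data"},
    # Benign: the link itself lives where standard users cannot write.
    {"link": r"C:\Program Files\Vendor\latest", "target": r"C:\Program Files\Vendor\1.2"},
    # '..' segments must be collapsed before comparing.
    {"link": r"C:\Users\erin\y", "target": r"C:\Users\erin\..\..\Windows\Temp"},
]

if __name__ == "__main__":
    for link in risky_junctions(SAMPLE):
        print("review:", link)
```
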
