Computer Hacker

If you are using AVG, F-Secure (F-Prot), Sophos, ClamAV, Bit Defender, Avast, NOD32 or any such easy to download antivirus software for your PC, its time you sat up and took notice. An information security company setup by IIT Kharagpur engineers has found hackers using antivirus to break into the system.

“An attacker first crafts an email with malicious payload and sends it to the target user. When the email is scanned by the vulnerable anitivirus, it either crashes the antivirus software or executes arbitrary code resulting in complete security bypass and remote system compromise,” said iViZ Vice President Bala Girisaballa.

Home PCs apart, companies and business in banking, finance and insurance, IT/ITES and consulting, online retail, ecommerce, manufacturing, telecommunications and R&D are highly susceptible to such risks. If the antivirus crashes it can even cause remote system compromise. Attackers can steal information or cause ‘Denial of Service’ condition.

The company’s vulnerability research team that conducts extensive research on attack techniques and checks robustness of applications and networks by trying to penetrate them periodically discovered that several popular commercial and open source antivirus software were vulnerable to attacks. Incidentally, iViZ’s Green Cloud Security is the world’s only on-demand penetration testing for vulnerability.
Continue reading →

Popularity: 17% [?]