Embedded Files
Post date: May 14, 2010 10:57:54 PM
Almost all known anti-virus PC security suites are vulnerable to the bait-and-switch attack which cloaks attack code from security scanners.
Security firm Matousec said it has discovered a vulnerability affecting almost all known security software. Malware can bait-and-switch security scanners, using unsuspicious system-level calls that get a secure green light, and then altering the calls to include attack code before they get executed.
According to Matousec’s advisory, "the results can be summarized in one sentence: If a product uses SSDT [system service descriptor table ] hooks or other kinds of kernel-mode hooks on a similar level to implement security features, it is vulnerable. In other words, 100% of the tested products were found vulnerable."
Tested products included all major antivirus vendors PC security suites, such as Kaspersky Internet Security 2010, McAfee Total Protection 2010, Norton Internet Security 2010, Sophos Endpoint Security and Control 9.0.5 and Trend Micro Internet Security Pro 2010.
At issue is hooking -- the prevailing technique that security software uses to protect a PC. Security suites often "hook" into the operating system at the user level, which Matousec said is inherently unsafe, or else lower down in the stack, through Windows DLL (dynamic link library) files, evaluating all calls and only allowing through ones they deem safe, thus preventing malicious processes or applications from running.
Web applications linked to databases frequently are the culprit in external database hacks....................
By Mat Schwartz
May 11, 2010 09:53 AM
http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=224701493
Page updated
Google Sites
Report abuse