Results tagged “hacker” from International Beat

Hackers Now Ride on Antivirus Software for Snooping


Having exploited scores of security measures adopted by experts to make IT networks secure, hackers have started riding on antivirus software as well to sneak into computers and networks.

iViZ, an Indian information security company that offers penetration and vulnerability testing for applications and networks, has just discovered a new technique that hackers and e-criminals are using to break into computers: crashing the antivirus software itself.

iViZ says hackers have developed code that can make antivirus software crash and create a loophole in the network, which can then be used to plant malicious code on a computer. The company says that so far it has spotted six popular antivirus products, both commercial and open source, that hackers have been able to break into: AVG, F-Secure (F-Prot), Sophos, ClamAV, BitDefender and Avast.

Explaining how hackers get into a seemingly secure system by exploiting its antivirus software, Bala said that an attacker first crafts an email with a malicious payload and sends it to the target user. As the vulnerable antivirus software scans the email, the malicious code, crafted specifically to exploit that antivirus product, either crashes the antivirus software or executes arbitrary code, going around security to implant further malicious code on the computer.

"Once this malicious code is nestled in a computer, the attackers can use it to steal information or cause a denial of service condition," said Bala Girisaballa, vice-president (head of product management & marketing), iViZ.

A dedicated research team at iViZ, which conducts extensive research on attack techniques and checks the robustness of applications and networks, stumbled upon the vulnerabilities while trying to penetrate networks protected by popular commercial and open source antivirus software products.

Using a variety of file fuzzing techniques, the team discovered abnormal behavior in these products while they handled complex or unusual executable header data, especially in executables packed with third-party packers such as UPX, FSG, etc.

Multiple bugs were found in those six antivirus products, some of which proved to be vulnerable enough to make the antivirus itself a back door for hackers. "So far we have come across six that we have named, but there may be more which we haven't been able to identify yet," says Bala. "The makers of the affected antivirus software have been informed. Many admitted [the problem] but we have also faced denial."

According to iViZ, although home computers are affected most by this breach, companies and businesses, as well as government departments, are also highly susceptible to its risks.

Indeed, e-criminals always manage to remain a step ahead, don't they? And their turf keeps expanding, not sparing even the big-daddy security experts. For instance, yesterday, in another shocking revelation, Microsoft announced that there is a security flaw in its Internet Explorer 7, the world's most popular Web browser.

This flaw, like those in antivirus products, allows criminals to take control of computers and steal personal information. "We are actively investigating the vulnerability that these attacks attempt to exploit," Microsoft said in a statement. "We will continue to monitor the threat environment and update this advisory if this situation changes."

Microsoft added that about 0.2 per cent of Internet Explorer users have already been affected by the flaw.

Poster by Oliver Hammond. Creative Commons License Attribution-Noncommercial-Share Alike 2.0 Generic.

 


