New Virus Risk: Anti-Virus Software?
A story on the TechWeb news site today reports that Kaspersky Lab's antivirus software can be defeated if you feed it a specially malformed .cab file. (Microsoft uses .cab files -- that three-letter extension stands for "cabinet" -- to store components of Windows and other applications in compressed form.)
This vulnerability falls under the category of "buffer overflow" attacks, where the attacker tries to crash a program by making it process a too-large piece of data. When the crash occurs, the attacker can run his or her own malicious program in the same chunk of memory the target program had occupied. (The "no execute" virus protection offered by Microsoft's Service Pack 2 update to Windows XP -- when run on certain Intel and AMD processors -- is designed to thwart these attacks, but it's unclear whether it does with Kaspersky's software.)
The Moscow-based company has confirmed this vulnerability in a press release issued today. It says that "no attempts to create and distribute such exploits have been recorded to date," but "Kaspersky Lab experts are currently developing an emergency update of the company's antivirus products."
Kaspersky's software is used in several other companies' security products. Consult its list to see if your antivirus program comes from one of these Kaspersky partners.
Washington Post consumer technology editor
By Brian Krebs | October 4, 2005; 4:23 PM ET
Categories: Latest Warnings
Posted by: Peter Paul Sadlon | October 5, 2005 12:38 PM
Or thinking about it further, it also goes to prove the antivirus virus risk problem is not limited to one delivery system be it on the same or a different vendor's software.
Posted by: Anonymous | October 5, 2005 12:44 PM
this site is good!
Posted by: ava | October 7, 2005 4:19 PM
Anyone who's used a computer long enough knows that the antivirus software virus risk is not a new thing. I've seen plenty of viruses co-opt Norton AV and use it to spread across a system unchecked in my day. That Kaspersky Lab's software has been compromised just goes to prove the problem is not limited to one vendor.