New Virus Risk: Anti-Virus Software?

A story on the TechWeb news site today reports that Kaspersky Lab's antivirus software can be defeated if you feed it a specially malformed .cab file. (Microsoft uses .cab files -- that three-letter extension stands for "cabinet" -- to store components of Windows and other applications in compressed form.)

This vulnerability falls under the category of "buffer overflow" attacks, where the attacker tries to crash a program by making it process a too-large piece of data. When the crash occurs, the attacker can run his or her own malicious program in the same chunk of memory the target program had occupied. (The "no execute" virus protection offered by Microsoft's Service Pack 2 update to Windows XP -- when run on certain Intel and AMD processors -- is designed to thwart these attacks, but it's unclear whether it does so with Kaspersky's software.)

The Moscow-based company has confirmed this vulnerability in a press release issued today. It says that "no attempts to create and distribute such exploits have been recorded to date," but "Kaspersky Lab experts are currently developing an emergency update of the company's antivirus products."

Kaspersky's software is used in several other companies' security products. Consult its list to see if your antivirus program comes from one of these Kaspersky partners.

-- Rob Pegoraro
Washington Post consumer technology editor

By Brian Krebs  |  October 4, 2005; 4:23 PM ET
Categories:  Latest Warnings  

Comments

Anyone who's used a computer long enough knows that the antivirus software virus risk is not a new thing. I've seen plenty of viruses co-opt Norton AV and use it to spread across a system unchecked in my day. That Kaspersky Lab's software has been compromised just goes to prove the problem is not limited to one vendor.

Posted by: Peter Paul Sadlon | October 5, 2005 12:38 PM

Or thinking about it further, it also goes to prove the antivirus virus risk problem is not limited to one delivery system, be it on the same or a different vendor's software.

Posted by: Anonymous | October 5, 2005 12:44 PM

this site is good!

Posted by: ava | October 7, 2005 4:19 PM


© 2010 The Washington Post Company