New Virus Risk: Anti-Virus Software?
A story on the TechWeb news site today reports that Kaspersky Lab's antivirus software can be defeated if you feed it a specially malformed .cab file. (Microsoft uses .cab files -- that three-letter extension stands for "cabinet" -- to store components of Windows and other applications in compressed form.)
This vulnerability falls under the category of "buffer overflow" attacks, where the attacker tries to crash a program by making it process a piece of data too large for the memory set aside to hold it. When the crash occurs, the attacker can run his or her own malicious program in the same chunk of memory the target program had occupied. (The "no execute" virus protection offered by Microsoft's Service Pack 2 update to Windows XP -- when run on certain Intel and AMD processors -- is designed to thwart these attacks, but it's unclear whether it does so with Kaspersky's software.)
The Moscow-based company has confirmed this vulnerability in a press release issued today. It says that "no attempts to create and distribute such exploits have been recorded to date," but "Kaspersky Lab experts are currently developing an emergency update of the company's antivirus products."
Kaspersky's software is used in several other companies' security products. Consult its list to see if your antivirus program comes from one of these Kaspersky partners.
Washington Post consumer technology editor