![]() ![]() Spybot: Search & Destroy 1.6.2 (07-12-2011): Application to scan for spyware, adware, hijackers and other malicious software (Windows Freeware).RootkitRevealer 1.7.1: Rootkit Revealer is an advanced patent-pending root kit detection utility (Windows Freeware).Remove Fake Antivirus 1.82: A tool to remove virus/malware which disguises itself to be an antivirus and produces fake alert/warnings and urge you to purchase a useless copy of the fake antivirus (Windows Freeware).Malwarebytes Anti-Malware 1.51.1 (07-12-2011): Anti-malware application that can thoroughly remove even the most advanced malware (Windows Freeware).GMER 1.0.15: Hidden services, hidden registry, hidden file scanner, Rootkit Detector and Remover (Windows Freeware).Dr.Web CureIt! Antivirus: A free standalone anti-virus and anti-spyware on-demand scanner (downloadable) (Windows Freeware).ComboFix (07-12-2011): Designed to cleanup malware infections and restore settings modified by malware (Windows Freeware).ClamWin Free Antivirus 0.97.3 (07-12-2011): A free antivirus, GNU GPL Open Source Virus Scanner (Windows Freeware).Avira AntiVir Personal (07-12-2011): Free anti-virus and anti-spyware on-demand scanner, detects and removes more than 50000 viruses and trojans (Windows Freeware).The paper also discusses possible solutions that can be used to mitigate the attack in the existing versions of the antivirus software as well as in the future ones. We have investigated this design vulnerability with several of the major antivirus software products such as Avira, AVG, McAfee, Microsoft, and Symantec and found that they are vulnerable to this new attack vector. Local privilege escalation using this vulnerability is also described. In this paper, we suggest a novel attack vector that targets antivirus updates and show practical examples of how a system and antivirus software itself can be compromised during the update of antivirus software. All antivirus software share a unique characteristic that they must be updated at a very high frequency to provide up-to-date protection of their system. However, there can be another time frame where antivirus solutions may be inactive, namely, during the time of update. Some malware target boot and/or shutdown time when antivirus software may be inactive so that they can perform their malicious activities. The installers then determine the method for further intrusion including antivirus bypassing techniques. Increasingly, most of the modern malware are staged ones in order for them to be not detected by antivirus solutions at the early stage of intrusion. ![]() The common strategies deployed include the use of obfuscated code and staged malware whose first instance (usually installer such as dropper and downloader) is not detected by the antivirus software. This has led to malware that can bypass or subvert antivirus software. In the anti-malware research community, development of techniques for evading detection by antivirus software is an active research area. SUMMARY The security of modern computer systems heavily depends on security tools, especially on antivirus software solutions. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |