Beware Anti-Virus Software Hole

DF

McAfee, Trendmicro and Kaspersky affected

By Kieren McCarthy, Techworld

The very software designed to protect your system may be used to bring it
down, researchers have discovered.

So far, leading anti-virus software from McAfee, Trendmicro and Kaspersky
has been found to contain a vulnerability in its scanning technology that
can see a network grind to a halt with a full file system and no spare
processing power.

AERAsec has listed McAfee Virus Scan for Linux v4.16.0, Trend Micro
InterScan VirusWall 3.8 Build 1130 and Kaspersky AntiVirus for Linux 5.0.1.0
as definitely containing the hole but warns that other versions will
probably contain the same problem. The issue itself is the decompression
engine included in the software which is used to open archives prior to
being searched for a virus. There are missing limits when bzip2 files are
checked, so an over-large file can be designed to eat up huge amounts of
disk space and processing power - in effect a denial-of-service attack. Huge
files of nothing but, say, zeros can be compressed to a tiny size, making a
malicious attack easy and feasible.
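
A scanner-side guard for the missing bzip2 limits the article describes, as an added example that is not part of the original post or any vendor's code. The function names, limit values and sample inputs are assumptions made for illustration.

```python
import bz2

class DecompressionLimitExceeded(Exception):
    """The archive expanded past the scanner's configured budget."""

def bounded_bunzip2(data, max_output=64 << 20, max_ratio=200,
                    ratio_floor=1 << 20, chunk=64 << 10):
    """Decompress one bzip2 stream, aborting once a budget is exceeded.

    All limits are assumed policy values for illustration. Trailing data
    after the first stream is ignored.
    """
    decomp = bz2.BZ2Decompressor()
    out = bytearray()
    pending = data
    while not decomp.eof:
        # max_length bounds the output of each call, so a tiny input
        # cannot force a huge allocation in a single step.
        piece = decomp.decompress(pending, max_length=chunk)
        pending = b""  # all input was handed over on the first call
        out += piece
        if len(out) > max_output:
            raise DecompressionLimitExceeded("output size limit exceeded")
        # Ratio check only past a floor, so small legitimate files pass.
        if len(out) > ratio_floor and len(out) > max_ratio * len(data):
            raise DecompressionLimitExceeded("compression ratio limit exceeded")
        if decomp.needs_input and not decomp.eof:
            raise ValueError("truncated bzip2 stream")
    return bytes(out)

def scan_verdict(data, **limits):
    """Return 'scan', 'reject-bomb' or 'reject-corrupt' for an archive."""
    try:
        bounded_bunzip2(data, **limits)
    except DecompressionLimitExceeded:
        return "reject-bomb"
    except (ValueError, OSError):
        return "reject-corrupt"
    return "scan"

# Constructed samples: ordinary text, and 8 MiB of zero bytes.
SAMPLE_TEXT = bz2.compress(b"ordinary log line\n" * 500)
SAMPLE_ZEROS = bz2.compress(bytes(8 << 20))
```

A production scanner would stream each decompressed chunk to the scan engine instead of buffering it, but the same per-call cap and running totals apply.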
 

lol, more scaremongering.
Yes, it's possible, but it's not exactly going to destroy society as we
know it. Anyway, resource-hogging AVs are nothing new. Norton for
instance has been around for years.

Files are scanned before being executed, so although this is interesting and
may require a software update for some AVs, the systems they protect
are still secure. Although saying that, my hat goes off to them for
thinking up something better this time than that viruses transmitted
through images twaddle.
 
Sounds strange, like a virus hoax, latest version.

1.) No proper name given
2.) "speaking" e-mail address: (e-mail address removed)

Could it be an ad for Aerasec? I won't look at their site!
Or a hungry troll?

Turan
 