Slashdot Mirror

← Back to Stories (view on slashdot.org)

Critical Flaw Found In Virtually All AV Software

Posted by Soulskill on from the if-only-there-were-something-more-monolithic-to-blame dept.

Securityemo writes "The Register is running an article about a new method to bypass antivirus software, discovered by Matousec. By sending benign code to the antivirus driver hooks, and switching it out for malicious code at the last moment, the antivirus can be completely bypassed. This attack is apparently much more reliable on multi-core systems. Here's the original research paper." El Reg notes that "The technique works even when Windows is running under an account with limited privileges," but "it requires a large amount of code to be loaded onto the targeted machine, making it impractical for shellcode-based attacks or attacks that rely on speed and stealth. It can also be carried out only when an attacker already has the ability to run a binary on the targeted PC."

1 of 279 comments (clear)

  1. Re:Found In Virtually All AV Software by WaroDaBeast · · Score: 0, Redundant

    ESET Smart Security 4.2.35.3

    Eset Smart Security's latest version is 4.2.40.1! That so-called study is therefore completely irrelevant! HAH!

    --
    "The body may heal, but the mind is not always so resilient." -- Deus Ex: Human Revolution