New Vulnerability Exploits Antivirus Programs to Install Malware

Haythem Elmir

New Vulnerability Exploits Antivirus Programs to Install Malware

It is common notion that antivirus software keeps our computers safe from all types of bugs and malware. However, it seems that cybercriminals are hell-bent on changing this belief by using these programs for fulfilling their malicious objectives. As per the findings of Kapsch’s security researcher Florian Bogner, hackers have learned to exploit the Restore from Quarantine feature, and a number of AV solutions have been affected. The flaw has been named AVGater.

Bogner, an Austrian security editor, states that once it is on a system, this vulnerability relocates malware from an AV quarantine folder and stores it to another sensitive location. It is rather surprising that all antivirus programs available nowadays are plagued with this flaw including Kaspersky, ZoneAlarm, Malwarebytes, Emsisoft, Trend Micro and Ikarus to name a few.

To perform penetration testing, Bogner infected clients’ computer with a conventional phishing email method, and then it was identified that the malware got quarantined by the AV program after which he was able to exploit the software’s flaws. The flaws exploited by Bogner allowed unprivileged users to perform restoration of quarantined documents, while these documents could be relayed to a privileges directory of his own choice (e.g., C:\Program Files or C:\Windows) if NTFS file junction feature in MS Windows was exploited.
To read the original article:


New Vulnerability Exploits Antivirus Programs to Install Malware

Laisser un commentaire

Next Post


Last year may have been mostly about ransomware, but it’s difficult to forget the billion or so passwords that were spilled in high-profile breaches and credential leaks. Google and researchers from the University of California Berkeley attempted to ease some of that pain, and teamed up to analyze how cybercriminals […]