New Vulnerability Exploits Antivirus Programs to Install Malware
It is common notion that antivirus software keeps our computers safe from all types of bugs and malware. However, it seems that cybercriminals are hell-bent on changing this belief by using these programs for fulfilling their malicious objectives. As per the findings of Kapsch’s security researcher Florian Bogner, hackers have learned to exploit the Restore from Quarantine feature, and a number of AV solutions have been affected. The flaw has been named AVGater.
Bogner, an Austrian security editor, states that once it is on a system, this vulnerability relocates malware from an AV quarantine folder and stores it to another sensitive location. It is rather surprising that all antivirus programs available nowadays are plagued with this flaw including Kaspersky, ZoneAlarm, Malwarebytes, Emsisoft, Trend Micro and Ikarus to name a few.
To perform penetration testing, Bogner infected clients’ computer with a conventional phishing email method, and then it was identified that the malware got quarantined by the AV program after which he was able to exploit the software’s flaws. The flaws exploited by Bogner allowed unprivileged users to perform restoration of quarantined documents, while these documents could be relayed to a privileges directory of his own choice (e.g., C:\Program Files or C:\Windows) if NTFS file junction feature in MS Windows was exploited.
To read the original article: