Researchers Discover New Attack Bypassing Almost All Antivirus Protections


Researchers at matousec.com have discovered a new method that renders almost all antivirus protections useless. It works by a simple bait-and-switch: safe code is sent in that passes the check and, before it is executed, it is swapped with damaging code. Timing is usually a key factor: switch too early and the swap is detected; too late and the original safe code has already been executed. According to the researchers, the trick makes use of multi-threaded processing, as the antivirus program is unable to keep track of other threads running at the same time.

theregister.co.uk - Researchers say they've devised a way to bypass protections built in to dozens of the most popular desktop anti-virus products, including those offered by McAfee, Trend Micro, AVG, and BitDefender.

The method, developed by software security researchers at matousec.com, works by exploiting the driver hooks the anti-virus programs bury deep inside the Windows operating system. In essence, it works by sending them a sample of benign code that passes their security checks and then, before it's executed, swaps it out with a malicious payload.

Full article here, including more information on the limitations and weaknesses of the exploit.
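
The bait-and-switch described above is a check-then-use race on an argument the caller can still write to. As an added example (not code from matousec.com or from any antivirus product), this C model replaces the second thread with a callback that fires between the check and the use, and compares a hook that checks the caller's buffer in place with one that first copies the argument into private memory; all function and file names are constructed.

```c
#include <stdio.h>
#include <string.h>

#define PATH_LEN 64
/* Constructed model: the request's path lives in memory the caller can still modify. */
typedef struct { char path[PATH_LEN]; } request_t;
/* Stand-in for a second thread that runs between the check and the use. */
typedef void (*interleave_fn)(request_t *shared);

static char executed[PATH_LEN];   /* what the hooked service finally acted on */

static int is_allowed(const char *path) { return strcmp(path, "benign.exe") == 0; }
static void original_service(const char *path) { snprintf(executed, sizeof executed, "%s", path); }

/* Check-then-use on the caller's buffer: the value checked and the value used can differ. */
int hook_check_in_place(request_t *shared, interleave_fn other_thread) {
    if (!is_allowed(shared->path)) return -1;
    if (other_thread) other_thread(shared);   /* window between check and use */
    original_service(shared->path);           /* second read of shared memory */
    return 0;
}

/* Capture first: read the argument once into private memory, then check and use the copy. */
int hook_capture_then_check(request_t *shared, interleave_fn other_thread) {
    char captured[PATH_LEN];
    memcpy(captured, shared->path, sizeof captured);
    captured[sizeof captured - 1] = '\0';
    if (!is_allowed(captured)) return -1;
    if (other_thread) other_thread(shared);   /* same window, but the copy is out of reach */
    original_service(captured);
    return 0;
}

/* The concurrent writer: rewrites the argument after it has passed the check. */
static void swap_argument(request_t *shared) {
    snprintf(shared->path, sizeof shared->path, "%s", "unchecked.exe");
}

/* Runs one request through the chosen hook and returns what was acted on. */
const char *run(int hardened) {
    request_t req = { "benign.exe" };
    executed[0] = '\0';
    if (hardened) hook_capture_then_check(&req, swap_argument);
    else          hook_check_in_place(&req, swap_argument);
    return executed;
}

int main(void) {
    printf("checked in place: %s\n", run(0));
    printf("captured first:   %s\n", run(1));
}
```

The in-place hook ends up acting on a value it never checked, while the capturing hook acts only on the value it validated.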

 
