ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Jobs
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


Security threats Toolkit

Viruses Zipped into clever disguises

Munir Kotadia ZDNet Australia

Published: 19 Oct 2004 11:30 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Security researchers have discovered that most consumer antivirus programs contain a vulnerability that allows malware writers to construct a virus file in such a way that it is undetectable by many of the most common antivirus applications, according to US-based security Intelligence firm iDEFENSE.

According to iDEFENSE, the problem stems from the method used by antivirus software to scan compressed files and affects applications from McAfee, Computer Associates, Kaspersky, Sophos, Eset and RAV.

By manipulating the physical size of a compressed malicious file, without affecting the file's functionality, virus writers can send users an infected file that will not be detected by many antivirus programs.

"An attacker can compress a malicious payload and evade detection by some antivirus software by modifying the uncompressed size within the local and global headers… Successful exploitation allows remote attackers to pass malicious Payloads … without being detected," the advisory warns.

According to iDEFENSE the biggest problem is that users will be more likely to open an attachment if the antivirus software has scanned it and pronounced it safe.

"Users with up-to-date antivirus software are more likely to open attachments and files if they are under the false impression that the archive was already scanned and found to not contain a virus," the advisory said.

All companies mentioned except Sophos and RAV have confirmed their products are vulnerable and have either already published or are close to publishing an update to fix the problems.

iDEFENSE said the latest products from Symantec, Bitdefender, Trend Micro and Panda are not vulnerable.

However in a separate advisory by security Web site Secunia, a number of Symantec's products were found to be vulnerable to an alternative threat.

ZDNet Australia's Munir Kotadia reported from Sydney. For more coverage from ZDNet Australia, click here.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with Konica

Did you find this article useful?
50 out of 108 people found this useful


In association with Intel

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats



Related Jobs

IT Support Analyst, 35k - 45k, Dublin

Senior IT Network Systems Engineer

UK BASED FIELD INSTALLATION ENGINEER

Sentry Posts Blog

Nasa hacker loses last-ditch appeal

Self-confessed Nasa hacker Gary McKinnon has lost his appeal to Home Secretary Jacqui Smith against extradition to the US. In an email sent to ZDNet.co.uk on Monday, McKinnon's... More

1 comment

Up to 1.7m MoD personal details missin...

The potential number of people affected by the the loss of a hard disk containing MoD details could be a high as 1.7 million, defence minister Bob Ainsworth told parliament on Monday. In... More

Post a comment

Toshiba touts Quantum Key Distribution

Toshiba research scientists have developed a method of distributing quantum keys more efficiently, the company has claimed in a statement: "[Quantum Key Distribution -- ] QKD --... More

Post a comment

Featured Oracle Resources

Human Resources Management eBook

Supply Chain Management eBook

Design and Innovation Report

Economist Intelligence Unit Report - Technology and growth at mid-sized companies

See All White Papers