ZDNet UK


Viruses Zipped into clever disguises

Munir Kotadia ZDNet Australia

Published: 19 Oct 2004 11:30 BST


Security researchers have discovered that most consumer antivirus programs contain a vulnerability that lets malware writers construct a virus file that many of the most common antivirus applications cannot detect, according to US-based security intelligence firm iDEFENSE.

According to iDEFENSE, the problem stems from the method used by antivirus software to scan compressed files and affects applications from McAfee, Computer Associates, Kaspersky, Sophos, Eset and RAV.

By manipulating the physical size of a compressed malicious file, without affecting the file's functionality, virus writers can send users an infected file that will not be detected by many antivirus programs.

"An attacker can compress a malicious payload and evade detection by some antivirus software by modifying the uncompressed size within the local and global headers… Successful exploitation allows remote attackers to pass malicious payloads … without being detected," the advisory warns.
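A scanner or mail gateway can check for the header inconsistency the advisory describes. The sketch below is an added illustration, not code from iDEFENSE or any vendor: it inflates each ZIP member and compares the real length with the uncompressed size declared in the local and central ("global") headers. The function names, the 64 MiB cap and the single-disk, non-ZIP64 layout are assumptions.

```python
import io, struct, zipfile, zlib

LIMIT = 64 * 1024 * 1024  # assumed cap on bytes inflated per member

def actual_size(method, data):
    """Measure the real payload length instead of trusting any header field."""
    if method == 0:                      # stored
        return len(data)
    if method == 8:                      # deflate (raw stream, no zlib wrapper)
        return len(zlib.decompressobj(-15).decompress(data, LIMIT + 1))
    return None                          # unsupported method: treat as unscanned

def audit_zip_sizes(blob):
    """Return (name, central_size, local_size, actual) for each inconsistent member."""
    eocd = blob.rfind(b"PK\x05\x06")
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    count, _cd_size, pos = struct.unpack_from("<HII", blob, eocd + 10)
    findings = []
    for _ in range(count):
        if blob[pos:pos + 4] != b"PK\x01\x02":
            raise ValueError("bad central directory entry")
        method, = struct.unpack_from("<H", blob, pos + 10)
        csize, c_usize, nlen, xlen, clen = struct.unpack_from("<IIHHH", blob, pos + 20)
        lho, = struct.unpack_from("<I", blob, pos + 42)
        name = blob[pos + 46:pos + 46 + nlen].decode("cp437", "replace")
        pos += 46 + nlen + xlen + clen
        if blob[lho:lho + 4] != b"PK\x03\x04":
            raise ValueError("bad local header for " + name)
        flags, = struct.unpack_from("<H", blob, lho + 6)
        l_usize, l_nlen, l_xlen = struct.unpack_from("<IHH", blob, lho + 22)
        # Bit 3 set: sizes live in a trailing data descriptor, local field is 0.
        if flags & 0x08:
            l_usize = None
        start = lho + 30 + l_nlen + l_xlen
        actual = actual_size(method, blob[start:start + csize])
        declared = {c_usize} if l_usize is None else {c_usize, l_usize}
        if actual is None or declared != {actual}:
            findings.append((name, c_usize, l_usize, actual))
    return findings

def constructed_sample():
    """Constructed, benign archive used as sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", b"constructed sample payload\n" * 40)
    return buf.getvalue()

if __name__ == "__main__":
    print(audit_zip_sizes(constructed_sample()))  # consistent headers: no findings
```

A member whose declared size disagrees with the inflated length, or whose compression method the checker cannot handle, is returned as a finding so it can be quarantined or scanned in full rather than passed as clean.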

According to iDEFENSE, the biggest problem is that users will be more likely to open an attachment if the antivirus software has scanned it and pronounced it safe.

"Users with up-to-date antivirus software are more likely to open attachments and files if they are under the false impression that the archive was already scanned and found to not contain a virus," the advisory said.

All companies mentioned except Sophos and RAV have confirmed their products are vulnerable and have either already published or are close to publishing an update to fix the problems.

iDEFENSE said the latest products from Symantec, Bitdefender, Trend Micro and Panda are not vulnerable.

However, in a separate advisory by security Web site Secunia, a number of Symantec's products were found to be vulnerable to an alternative threat.

ZDNet Australia's Munir Kotadia reported from Sydney.
