Researchers at the Technical University of Braunschweig and the Georg-August-Universität Göttingen have examined the possibility of using anti-virus software for cyber attacks (PDF). According to them, files on target computers can be changed so that signature-based malware scanners classify them as dangerous and then delete them, or at least render them unusable, as Bleeping Computer reports.
Security software evaluates potentially malicious programs using, among other things, virus definitions. During a scan, files are checked for certain patterns, which are then compared with the existing malware signatures. If there is a match, the file is classified as malware and deleted or moved to quarantine.
The research team, in turn, succeeded in injecting copies of these malware signatures into legitimate files so that they are recognized as harmful. In this way, an attacker could get the anti-virus software on a target system to destroy legitimate data, or at least render it temporarily unusable, in order to harm, for example, a company's business operations.
From this approach, the researchers developed three attack methods, which they tested with five malware scanners, including the open-source product ClamAV and four unnamed commercial products. For one, a so-called "antivirus assisted attack" can be used to remove log files from applications, with the aim of disguising password-guessing attempts. For another, data such as users' emails can be deleted in this way. According to the researchers, web-based attacks are also facilitated by the targeted deletion of cookies.
Vesselin Bontchev, one of the developers of the malware scanning engine F-Prot, however, rates the risk from antivirus assisted attacks as low. Since the early nineties, antivirus programs have no longer relied exclusively on malware signatures and have used additional techniques to detect malicious software.
"Today, significantly more advanced methods are used. In some cases, 'scan strings' are no longer used. Usually, scan strings serve only as an indication for the scanner to use its more advanced but slower detection algorithms," added Bontchev.
In addition, the expert doubts that the attacks described by the German researchers can actually be implemented in practice. "How viable is this? Well, against ClamAV and similar bad products, it is certainly possible. But against better made products?"
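The difference between pure scan-string matching and treating a hit only as a hint for a further check can be shown with a small sketch. This is an added example, not code from the researchers or from any scanner named in the article. The signature, the file names and the file-type confirmation step are all constructed assumptions, and the file-type check stands in for the "more advanced" detection Bontchev mentions.

```python
# Constructed scan string for illustration only; it is not a real malware signature.
SIGNATURES = {
    "Constructed.Test.A": {
        "pattern": b"\x13\x37CONSTRUCTED-SCAN-STRING\x13\x37",
        "magic": b"MZ",  # assumption: this signature describes a Windows executable
    },
}

def naive_scan(data: bytes) -> list:
    """Pure scan-string matching: any file containing the bytes is flagged."""
    return [name for name, sig in SIGNATURES.items() if sig["pattern"] in data]

def confirmed_scan(data: bytes) -> list:
    """Treat a scan-string hit as a hint and require a second, independent check.
    Here the confirmation is that the file has the type the signature targets."""
    hits = []
    for name, sig in SIGNATURES.items():
        if sig["pattern"] in data and data.startswith(sig["magic"]):
            hits.append(name)
    return hits

def quarantine_decisions(files: dict, scanner) -> dict:
    """Map each path to True if the given scanner would quarantine or delete it."""
    return {path: bool(scanner(data)) for path, data in files.items()}

PATTERN = SIGNATURES["Constructed.Test.A"]["pattern"]

# Constructed sample files: a text log and a mailbox that merely contain the
# bytes, a clean log, and an executable-shaped file that also contains them.
SAMPLE_FILES = {
    "app/auth.log": b"2024-01-01 login failed user=alice\n"
                    b"2024-01-01 login failed user=" + PATTERN + b"\n",
    "mail/inbox.mbox": b"From: someone@example.org\nSubject: hi\n\n" + PATTERN + b"\n",
    "app/clean.log": b"2024-01-01 service started\n",
    "bin/sample.exe": b"MZ\x90\x00" + b"\x00" * 16 + PATTERN,
}

if __name__ == "__main__":
    for label, scanner in (("naive", naive_scan), ("confirmed", confirmed_scan)):
        print(label, quarantine_decisions(SAMPLE_FILES, scanner))
```

With the naive scanner, the log and the mailbox would be quarantined along with the executable; with the confirmation step, only the executable-shaped file is.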