Sectors
Companies
About
Subscribe

Anti-virus causes vulnerabilities

From flawed anti-virus software, to anti-spyware that blackmails and online attacks that hold your personal files for ransom, the world of information security is everything but dull.
By Ilva Pieterse, ITWeb contributor
Johannesburg, 02 Jun 2006

It`s not every day anti-virus software is discovered to be sporting a flaw, but here we have it.

Hackers have exposed a fault in Symantec AntiVirus Corporate Edition 10 that can be exploited to gain system-level privileges on a user`s machine. Comprehensive details on this flaw are not known yet, but eEye is labelling it`s severity as "high".

Although Symantec claims it is not aware of the flaw and is suspicious of its existence, users are urged to block external access to their network and not accept or execute files from mistrusted or unknown sources.

Blackmail

Not only is anti-virus software exploitable, but anti-spyware application writers are blackmailing users into buying their products! The clever scam works like this:

Hackers have exposed a flaw in Symantec AntiVirus Corporate Edition 10 that can be exploited to gain system-level privileges on a user`s machine.

Ilva Pieterse, ITWeb contributor

A spyware program lures users by offering free access to pornographic content on the Internet. Once the users bite, their PCs are not only infected with spyware, but have anti-spyware installed at the same time. This immediately warns users that they have been infected.

The anti-spyware only warns the user, however. If they want their systems to be cleaned, they need to purchase the software for $50.

Ransom

Okay, so anti-spyware that blackmails users is pretty sick, but what about an online attack that moves treasured files to a password-protected folder and holds them for ransom?

The password protected file "issues" creepy instructions on how to buy certain drugs from an online store. In exchange for shopping at the store, it says, the victim will receive a password to unblock the protected files.

Russian worm

The latest in the ongoing Russian worm saga is a little creeper named Worm.Win32.Scano.e. The worm is spread via e-mails written in Russian, carrying an attachment in "HTA" format.

Once inside a PC, the worm goes about it business stealing e-mail addresses and sending itself to the contents of the user`s address book. Unfortunately, subject and body are chosen randomly from a list, so users are asked to exercise caution if any e-mail written in Russian is received. Especially if it is from someone that would not normally be communicating in Russian.

Microsoft cares

Microsoft`s OneCare virus eater has gone live. This anti-virus and firewall product targets individual users or small businesses that have no or poor protection in place.

According to research, MS says 70% of its users either have no software or out of date software on their PCs. The product also offers backup software for data protection.

Out with the old

Although MS is helping users with virus protection, it is closing the door on the more archaic Windows versions. MS will no longer be issuing vulnerability patches for anything older than, and including, Windows 98, as of 11 July.

Unfortunately, the only options presented are to either upgrade the operating system (OS), or permanently disconnect from the Internet. Has it really gotten to the point where MS can no longer support older versions of its OS (of which, I am sure, there are countless users)?

Or is this just a way to make more money by forcing its supporters to upgrade to something they don`t necessarily need?

Sources used: The Register, MicroWorld Technologies, News24.com, IOL

Share