• If you are citizen of an European Union member nation, you may not use this service unless you are at least 16 years old.

  • Get control of your email attachments. Connect all your Gmail accounts and in less than 2 minutes, Dokkio will automatically organize your file attachments. You can also connect Dokkio to Drive, Dropbox, and Slack. Sign up for free.



Page history last edited by Donald Achim 10 years, 1 month ago

A group of security researchers say they've found a workaround for just about every antivirus product on the market today, effectively making Windows-based security programs totally useless.



Security research site Matousec.com recently issued an advisory for a process that allows malware to evade security detection. Note that this doesn't just apply to Microsoft's free Security Essentials software or other freeware antivirus products, but also targets full software packages from industry leaders like Norton, BitDefender and McAfee.


Matousec's Morphing Malware


According to reports, Matousec.com researchers compiled mock malware software with the capability of morphing its shape at any time. The trick? Once a security program discovers the problematic code, the specially-designed malware can actually switch out that code in order to infect the system.

The trick is called an "argument-switch attack," and makes catching viruses about as easy as pinpointing a shape-shifter in a crowd. The tactic is particularly successful on multicore processors, because one thread often fails to keep track of simultaneous threads. In the end, Windows PCs are tricked into allowing the infection to spread.



Thankfully, there are limitations to the exploit. An enormous amount of programming code must be loaded onto the victim PC for it to work. In addition, the attack appears to succeed only when the infected file is executed (launched / run) by a user on the selected machine (whether it's locally or by remote).


Attack Targets All Versions of Windows


The attack doesn't appear to play favorites across the various versions of Windows.

"The research was done on Windows XP Service Pack 3 and Windows Vista Service Pack 1 on 32-bit hardware," Matousec's report says. "However, it is valid for all Windows versions including Windows 7. Even the 64-bit platform is not a limitation for the attack." (Source: seattlepi.com



Surprisingly, researchers say this flaw has been known for years, but that it failed to be fully addressed by security companies because no one seemed capable of taking advantage of the situation. However, as hackers grow ever wiser and their attacks become more sophisticated, the situation will be taken advantage of soon enough.

Comments (0)

You don't have permission to comment on this page.