Kaspersky, AVG, Symantec, Microsoft Affected by Code Hooking Bug

It's 2016! Let's Look Beyond Antivirus for Protection Against Advanced Malware

Security researchers at enSilo have come to some shocking conclusions about the hooking and injection methods employed by various vendors. Their research started in 2015 when they noticed an injection issue in AVG. Later, they found similar problems in McAfee and Kaspersky products.

The further the research went, the more troublesome the results became. The bottom line is that six vulnerabilities have been exposed in the way that some fairly large vendors handle the code hooking technique. These vulnerabilities leave the software open to malware and, ultimately, to exploitation of the targeted device.

First, What Is Code Hooking?

Hooking is a technique used by software, such as products that do virtualization, sandboxing and performance monitoring, to monitor and/or change the behavior of operating system functions in order to operate effectively.

Code hooking is essential to how security products and antivirus software operate.

AV programs typically employ hooking so that they can monitor for malicious activity on a system. The average anti-exploitation tool monitors memory allocation functions in order to detect vulnerability exploitation. A security bug in the hooking function makes the system vulnerable to compromise.

Related: Symantec Products Guilty of Multiple Severe Flaws

Such a vulnerability gives the attacker a way to bypass the OS and third-party exploit mitigations, enSilo experts explain. As a result, the attacker can easily leverage a flaw that would otherwise be much more difficult to exploit successfully. The worst of these vulnerabilities would allow the attacker to persist on the victim's machine and stay undetected. The attacker would also be able to inject code into any system process.

Which Anti-Virus Products and Software Vendors Are Exposed to Code Hooking Vulnerabilities?

  • Microsoft’s hooking engine, Detours. From “Under commercial release for over 10 years, Detours is licensed by over 100 ISVs [independent software vendors] and used within nearly every product team at Microsoft.”
  • AVG
  • Kaspersky
  • McAfee
  • Symantec
  • A major AV vendor
  • BitDefender
  • Citrix XenDesktop
  • WebRoot
  • Emsisoft
  • Vera

Expectedly, Microsoft's hooking engine is the most popular in the world and is used by more than 100 ISVs. This means that millions of users could be affected. In most cases, fixing this issue will require recompiling each product individually, which makes patching extremely hard.

The enSilo team has been notifying all of the above-mentioned vendors throughout the past 8 months. It's crucial to note that companies running affected software should get patches directly from the vendors, if available. If patches are not available yet, the company should demand them immediately.

Milena Dimitrova


An inspired writer and content manager who has been with SensorsTechForum since the beginning. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
