HackRead
New Vulnerability Exploits Antivirus Programs to Install Malware

November 13th, 2017 | Waqas | Malware, Security

It is a common notion that antivirus software keeps our computers safe from all types of bugs and malware. As the findings of Kapsch security researcher Florian Bogner show, however, the AV product itself can be turned against the machine it protects: the Restore from Quarantine feature can be abused by a local, unprivileged user to write a quarantined file into a location it should never reach, and a number of AV solutions are affected. The flaw has been named AVGater.

Bogner, an Austrian security researcher, explains that once an attacker has an unprivileged foothold on a system, the vulnerability lets them relocate a file from the AV quarantine folder into another, sensitive location. Several widely used antivirus products are affected, including Kaspersky, ZoneAlarm, Malwarebytes, Emsisoft, Trend Micro and Ikarus.

Bogner ran into the issue during penetration tests. After a conventional phishing email had landed malware on a client's computer, the AV product quarantined it, and he then looked at what an unprivileged user could still do with the quarantined file. The affected products let an unprivileged user restore a quarantined file to its original location, and the restore is carried out by the AV service itself with SYSTEM privileges. By replacing the directory the file originally came from with an NTFS directory junction, which an unprivileged user is allowed to create, Bogner could redirect the restored file into a privileged directory of his choice, such as C:\Program Files or C:\Windows.

AVGater summary (image)

Once a file can be planted in such a directory, the Windows DLL search order does the rest: a malicious DLL dropped next to a privileged application is loaded when that application starts, and the malware obtains full privileges. The key limitation of AVGater is that the attacker needs local access to the machine as a user who is allowed to restore from quarantine; it cannot be triggered remotely. On shared systems such as terminal servers, where many low-privilege users sit on one machine, that barrier is weaker than it sounds.

It must be noted that the Restore from Quarantine feature does not normally let a non-administrator write a file anywhere other than its original location, and a non-administrator cannot write into C:\Windows or C:\Program Files at all. The junction does not bypass those permissions directly: it changes where the original path points, and it is the AV service, running as SYSTEM, that performs the write.
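To make the mechanism concrete, the following added example (constructed for this article, not Bogner's code and not any vendor's restore routine) simulates a restore service inside a temporary directory. The paths, the quarantine layout and the payload bytes are all made up. The attacker step replaces a user-owned directory with a redirect: a directory junction on Windows (via the CPython `_winapi.CreateJunction` helper, which needs no special privilege), a symlink elsewhere. The naive restore trusts the recorded original path and drops the file into the simulated Program Files; the hardened restore refuses because it checks every directory on the way for a reparse point, confirms the resolved destination stays under the user's root, and opens the final file with O_NOFOLLOW and O_EXCL.

```python
"""Restore-from-quarantine: naive vs. junction-aware. Constructed demo, not vendor code."""
import os
import stat
import tempfile
from pathlib import Path

PAYLOAD = b"MZ-constructed-demo-dll"  # stands in for the quarantined DLL (constructed)


def is_reparse_point(p: Path) -> bool:
    """True if p itself is a symlink or (on Windows) any reparse point, e.g. a directory junction."""
    try:
        st = p.lstat()
    except FileNotFoundError:
        return False
    if stat.S_ISLNK(st.st_mode):
        return True
    attrs = getattr(st, "st_file_attributes", 0)  # only present on Windows
    return bool(attrs & stat.FILE_ATTRIBUTE_REPARSE_POINT)


def naive_restore(quarantined: Path, original: Path) -> Path:
    """The behaviour AVGater abuses: a SYSTEM-level service writes the file back to the
    recorded original path and trusts every directory on the way."""
    original.parent.mkdir(parents=True, exist_ok=True)
    original.write_bytes(quarantined.read_bytes())
    return original.resolve()


def hardened_restore(quarantined: Path, original: Path, allowed_root: Path) -> Path:
    """Refuse unless every directory between allowed_root and the destination is a real
    directory (no symlink, no junction) and the resolved destination stays inside allowed_root."""
    try:
        rel = original.parent.relative_to(allowed_root)
    except ValueError:
        raise PermissionError(f"{original} is outside {allowed_root}") from None
    if ".." in rel.parts:
        raise PermissionError("parent traversal in destination")
    cur = allowed_root
    for part in rel.parts:  # walk the unresolved path, component by component
        cur = cur / part
        if is_reparse_point(cur):
            raise PermissionError(f"{cur} is a symlink/junction; restore refused")
    resolved_root = allowed_root.resolve()
    resolved_parent = original.parent.resolve()
    if resolved_parent != resolved_root and resolved_root not in resolved_parent.parents:
        raise PermissionError(f"{original} resolves outside {allowed_root}")
    # O_NOFOLLOW (POSIX) refuses a symlinked final component; O_EXCL refuses to clobber.
    flags = (os.O_WRONLY | os.O_CREAT | os.O_EXCL
             | getattr(os, "O_NOFOLLOW", 0) | getattr(os, "O_BINARY", 0))
    fd = os.open(original, flags, 0o644)
    with os.fdopen(fd, "wb") as fh:
        fh.write(quarantined.read_bytes())
    return original.resolve()


def _redirect_dir(link: Path, target: Path) -> None:
    """Attacker step: point a directory the user owns at a privileged one."""
    if os.name == "nt":
        import _winapi  # directory junction: no SeCreateSymbolicLink privilege needed
        _winapi.CreateJunction(str(target), str(link))
    else:
        os.symlink(target, link, target_is_directory=True)


def demo() -> dict:
    """Run the benign restore, then the junction attack against both restore routines."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        user_root = tmp / "Users" / "alice"            # hypothetical user profile
        downloads = user_root / "Downloads"
        program_files = tmp / "Program Files" / "SomeService"  # hypothetical privileged dir
        quarantine = tmp / "AV" / "Quarantine"
        for d in (downloads, program_files, quarantine):
            d.mkdir(parents=True)
        quarantined = quarantine / "0001.bin"
        quarantined.write_bytes(PAYLOAD)
        original = downloads / "payload.dll"           # path the AV recorded at quarantine time

        # Benign case: hardened restore puts the file back where it came from.
        benign = hardened_restore(quarantined, original, user_root)
        benign.unlink()

        # Attack: swap the user-owned directory for a junction into Program Files.
        downloads.rmdir()
        _redirect_dir(downloads, program_files)

        naive_target = naive_restore(quarantined, original)
        try:
            hardened_restore(quarantined, original, user_root)
            hardened_refused = False
        except PermissionError:
            hardened_refused = True

        return {
            "benign_ok": benign.parent == user_root.resolve() / "Downloads",
            "naive_landed_in_privileged": naive_target.parent == program_files.resolve(),
            "payload_planted": (program_files / "payload.dll").read_bytes() == PAYLOAD,
            "hardened_refused": hardened_refused,
        }


if __name__ == "__main__":
    print(demo())
```

The per-component walk is deliberately done on the path as recorded, not on its resolved form: resolving first would silently follow the junction and hide exactly the thing being checked. Real products also have to worry about the directory being swapped between the check and the write, which is why the final open uses O_NOFOLLOW and O_EXCL rather than relying on the walk alone.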

According to Bogner, home users need only update the antivirus programs installed on their devices. Enterprise computers are more exposed, because many low-privilege users have an AV client in front of them, so Bogner suggests that enterprise administrators remove ordinary users' ability to restore files from quarantine for good.

Bogner has uploaded a video showing the exploit in action. The antivirus vendors were notified about the flaw before publication, and some have already released patches to fix the problem.

Source: Bogner | Image Via: Blue Coat Photos

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in the cyber security and tech world. I am also into gaming, reading and investigative journalism.