

DonnaB
Premium
join:2003-05-07
malaysia

Multiple antivirus bypass by specially crafted archive vulnerability

SecuBox Labs reported a vulnerability in multiple antivirus products, which can be bypassed by a specially crafted archive.

Release Date : 2005-10-05
Tested on: Windows 2000 SP2 & SP4
Tested with: Jotti Online Antivirus Scanner
Tested with: VirusTotal Online Antivirus Scanner
Tested with: Command line freeware UnRAR v3.50

Affected Products:
* Kaspersky Antivirus
* BitDefender Antivirus
* NOD32 Antivirus
* F-Prot Antivirus
* Avast Antivirus
* McAfee Antivirus
* Sophos Antivirus
* Symantec Antivirus
* Dr.Web Antivirus
* Avira Antivirus
* Norman Virus Control Antivirus
* Fortinet Antivirus
* VBA32 Antivirus
* Rising Antivirus
* AntiVir Antivirus
* eTrust-Iris Antivirus
* ArcaVir Antivirus
* eTrust-Vet Antivirus
* UNA Antivirus
* TheHacker
[+] May be others.....

Not affected:
* Grisoft AVG AntiVirus
* Ikarus AntiVirus
* ClamAV Antivirus
* Panda Antivirus
* CAT Quick Heal

Discovered by: fRoGGz
Credit to: SecuBox Labs
Rated as : Medium

More info in »shadock.net/secubox/AVCraftedArchive.html
--
Microsoft MVP
Member of ASAP
Calendar of Updates
SecurityFlash


tdykerd

@eq.edu.au
Not a big deal, but would be good to get fixed (:

I still love NOD32 and Kaspersky.


DonnaB
Premium
join:2003-05-07
malaysia
reply to DonnaB
The list of affected products has been updated. More antivirus programs are now affected.

Affected Products:
* Kaspersky Antivirus
* BitDefender Antivirus
* NOD32 Antivirus
* F-Prot Antivirus
* Avast Antivirus
* McAfee Antivirus
* Sophos Antivirus
* Symantec Antivirus
* Dr.Web Antivirus
* Avira Antivirus
* Norman Virus Control Antivirus
* Fortinet Antivirus
* VBA32 Antivirus
* Rising Antivirus
* AntiVir Antivirus
* eTrust-Iris Antivirus
* ArcaVir Antivirus
* eTrust-Vet Antivirus
* UNA Antivirus
* Ikarus AntiVirus
* ClamAV Antivirus
* Panda Antivirus
* CAT Quick Heal
* TheHacker
* Trustix Antivirus
* Grisoft AVG AntiVirus
* Proland Protector Plus 2000 AntiVirus
[+] May be others.....

Secunia »secunia.com/advisories/17126/ published a possible work-around:

Desktop on-access scanner should be used to ensure that the malware is detected upon extraction. Filter all compressed file archives at border gateways if they are not required.
--
Microsoft MVP
Member of ASAP
Calendar of Updates
SecurityFlash
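
The gateway filtering named in the Secunia work-around, as an added example that is not part of the original thread or of either advisory: it recognises archives by content signature rather than file name, and fails closed on files that are named like an archive but cannot be recognised as one. The function names, the fail-closed policy and the sample attachments are assumptions constructed for illustration.

```python
import os

# Leading magic bytes of common archive and compression formats.
LEADING_MAGIC = [
    (b"PK\x03\x04", "zip"),
    (b"PK\x05\x06", "zip"),          # empty ZIP (end-of-central-directory only)
    (b"Rar!\x1a\x07", "rar"),
    (b"7z\xbc\xaf\x27\x1c", "7z"),
    (b"\x1f\x8b", "gzip"),
    (b"BZh", "bzip2"),
    (b"MSCF", "cab"),
]
TAR_MAGIC_OFFSET = 257               # "ustar" sits at byte 257 of a tar header
ARCHIVE_EXTENSIONS = {".zip", ".rar", ".7z", ".gz", ".tgz", ".bz2", ".cab", ".tar"}


def detect_archive(data: bytes):
    """Return the archive format named by the content signature, or None."""
    for magic, fmt in LEADING_MAGIC:
        if data.startswith(magic):
            return fmt
    if data[TAR_MAGIC_OFFSET:TAR_MAGIC_OFFSET + 5] == b"ustar":
        return "tar"
    return None


def gateway_verdict(filename: str, data: bytes):
    """Decide 'block' or 'pass' for one attachment when archives are not required."""
    fmt = detect_archive(data)
    if fmt is not None:
        return "block", f"content signature: {fmt}"
    ext = os.path.splitext(filename.lower())[1]
    if ext in ARCHIVE_EXTENSIONS:
        # Named like an archive but not recognisable as one: fail closed (assumed policy).
        return "block", f"archive extension {ext} with unrecognised content"
    return "pass", "not an archive"


# Constructed sample attachments (headers only, not real files).
SAMPLES = [
    ("report.rar", b"Rar!\x1a\x07\x00" + b"\x00" * 16),
    ("invoice.doc", b"PK\x03\x04" + b"\x00" * 16),      # ZIP content, renamed
    ("photos.zip", b"\x00" * 32),                        # extension only
    ("notes.txt", b"plain text, nothing compressed"),
]

if __name__ == "__main__":
    for name, blob in SAMPLES:
        print(name, *gateway_verdict(name, blob))
```

Formats that are ZIP containers underneath, such as OOXML office documents, match the ZIP signature and would need an explicit allow rule if they are required.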