Exploit uses antivirus quarantine to release malware

via Florian Bogner

As the threat of malware grows more dangerous every day, antivirus programs evolve to keep our systems protected. However, a newly discovered exploit turns one of these applications' own features against them.

Florian Bogner, an Austrian IT security professional, dubbed the exploit 'AVGater'. It abuses the restore function of modern antivirus products, which takes an entry out of quarantine and places it somewhere else on the host system, to re-introduce the malware.

As explained in the video, a local attacker can manipulate the antivirus' scanning engine to bring the malicious file back out of quarantine. Typically, a non-administrator user would not be allowed to write a file to system folders such as 'Program Files' or 'Windows', but by abusing NTFS directory junctions, the restored file can be redirected into these directories.
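The defensive counterpart to the junction abuse described above is a destination check that a restore routine can run before writing anything back to disk. The following is an added example, not code from Florian Bogner or from any of the affected products; it assumes a restore path supplied by a low-privileged user and uses a plain symlink in a temporary directory as a stand-in for an NTFS junction.

```python
import os
import stat
import tempfile
from pathlib import Path
from typing import Optional

# Windows file attribute flag covering junctions, symlinks and mount points.
FILE_ATTRIBUTE_REPARSE_POINT = 0x400


def is_reparse_point(path: Path) -> bool:
    """True if `path` itself is a symlink or (on Windows) any reparse point."""
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return False
    if stat.S_ISLNK(st.st_mode):
        return True
    attrs = getattr(st, "st_file_attributes", 0)  # only present on Windows
    return bool(attrs & FILE_ATTRIBUTE_REPARSE_POINT)


def find_redirected_component(dest: Path) -> Optional[Path]:
    """Walk from the root towards `dest`; return the first component that is a
    reparse point (junction/symlink), or None if the path is entirely real."""
    dest = Path(os.path.abspath(dest))
    current = Path(dest.anchor)
    for part in dest.parts[1:]:
        current = current / part
        if is_reparse_point(current):
            return current
    return None


def safe_to_restore(dest: Path) -> bool:
    """Refuse a restore whose destination passes through a junction/symlink, or
    whose canonical path differs from the lexical one (another sign of redirection)."""
    if find_redirected_component(dest) is not None:
        return False
    dest = Path(os.path.abspath(dest))
    return Path(os.path.realpath(dest)) == dest


def demo() -> dict:
    """Constructed scenario: a user-writable folder holding a link that points at a
    'protected' folder, mimicking a junction aimed at a system directory."""
    base = Path(os.path.realpath(tempfile.mkdtemp()))
    protected = base / "protected"
    protected.mkdir()
    user_dir = base / "user_writable"
    user_dir.mkdir()
    os.symlink(protected, user_dir / "link", target_is_directory=True)
    honest = user_dir / "restored.bin"            # stays in the user's own folder
    redirected = user_dir / "link" / "restored.bin"  # would land in 'protected'
    return {"honest": safe_to_restore(honest), "redirected": safe_to_restore(redirected)}
```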

To do any of this, however, the attacker must already have access to the computer they want to infect. Enterprise customers are the more likely targets: a user could accidentally or even intentionally release a file from quarantine, potentially infecting others on the network.

Several unnamed products were tested for AVGater prior to the disclosure of the exploit. Kaspersky, Malwarebytes, ZoneAlarm, Trend Micro, Emsisoft, and Ikarus have all released patches as of publication.

Source: Florian Bogner via Digital Trends
