
posted by cmn32480 on Tuesday November 14 2017, @03:12AM
from the still-better-with-than-without dept.

Submitted via IRC for SoyCow1984

Antivirus programs, in many cases, make us safer on the Internet. Other times, they open us to attacks that otherwise wouldn't be possible. On Friday, a researcher documented an example of the latter—a vulnerability he found in about a dozen name-brand AV programs that allows attackers who already have a toehold on a targeted computer to gain complete system control.

AVGater, as the researcher is calling the vulnerability, works by relocating malware already put into an AV quarantine folder to a location of the attacker's choosing. Attackers can exploit it by first getting a vulnerable AV program to quarantine a piece of malicious code and then moving it into a sensitive directory such as C:\Windows or C:\Program Files, which normally would be off-limits to the attacker. Six of the affected AV programs have patched the vulnerability after it was privately reported. The remaining brands have yet to fix it, said Florian Bogner, a Vienna, Austria-based security researcher who gets paid to hack businesses so he can help them identify weaknesses in their networks.

Bogner said he developed a series of AVGater exploits during several assignments that called for him to penetrate deep inside customer networks. Using malicious phishing e-mails, he was able to infect employee PCs, but he still faced a significant challenge. Because company administrators set up the PCs to run with limited system privileges, Bogner's malware was unable to access the password database—known as the Security Account Manager—that stored credentials he needed to pivot onto the corporate network.

"With the help of AVGater, I gained local admin privileges," Bogner wrote in an e-mail. With full control over the employee computer his exploit provided, he had no trouble accessing the credential store, which is commonly known as a SAM database. "So AVGater was VERY useful during several of our pentests and red-teaming assignments."

Source: https://arstechnica.com/information-technology/2017/11/how-av-can-open-you-to-attacks-that-otherwise-wouldnt-be-possible/
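The flaw described above boils down to a privileged restore operation writing wherever the textual destination path points, even when the unprivileged user controls that path. As an added example (not code from Bogner, Ars Technica, or any AV vendor), here is a Python restore routine that resolves the destination before writing and refuses any target that lands outside the quarantine owner's own tree; the directory layout and the "allowed root" policy are assumptions for the demonstration.

```python
import os
import shutil
import tempfile

class RestoreRefused(Exception):
    """The resolved destination is outside the tree the quarantine owner may write."""

def resolve_under_root(dest: str, allowed_root: str) -> str:
    """Resolve every component of `dest` (symlinks and, on Windows, junctions) and
    require the result to stay under `allowed_root`. A privileged restore that trusts
    the textual path can be steered into a protected directory by redirecting an
    intermediate directory; comparing resolved paths closes that gap."""
    real_root = os.path.realpath(allowed_root)
    # Resolve the parent, not the leaf: the restored file does not exist yet.
    real_dest = os.path.join(os.path.realpath(os.path.dirname(dest)),
                             os.path.basename(dest))
    if os.path.commonpath([real_root, real_dest]) != real_root:
        raise RestoreRefused(f"{dest} resolves to {real_dest}, outside {real_root}")
    return real_dest

def restore_from_quarantine(item: str, dest: str, allowed_root: str) -> str:
    """Move a quarantined file back only to a verified destination."""
    target = resolve_under_root(dest, allowed_root)
    shutil.move(item, target)
    return target

def demo() -> dict:
    """Constructed layout: the quarantine owner may write to `user`, while
    `protected` stands in for a system directory such as C:\\Windows."""
    base = tempfile.mkdtemp()
    user, protected = os.path.join(base, "user"), os.path.join(base, "protected")
    for d in (user, protected):
        os.makedirs(d)
    # A directory link inside the user's tree that points out of it (constructed).
    os.symlink(protected, os.path.join(user, "redirect"))
    outcomes = {}
    for label, dest in (("honest", os.path.join(user, "restored.txt")),
                        ("redirected", os.path.join(user, "redirect", "restored.txt"))):
        item = os.path.join(base, f"quarantined_{label}")
        with open(item, "w") as fh:
            fh.write("sample quarantined content")  # constructed stand-in for the file
        try:
            restore_from_quarantine(item, dest, allowed_root=user)
            outcomes[label] = "restored"
        except RestoreRefused:
            outcomes[label] = "refused"
    shutil.rmtree(base)
    return outcomes
```

The honest restore succeeds while the one routed through the redirect is refused, which is the property a privileged restore step needs regardless of the mechanism used to redirect it.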

  • (Score: 0) by Anonymous Coward on Tuesday November 14 2017, @03:24AM (6 children)

    by Anonymous Coward on Tuesday November 14 2017, @03:24AM (#596642)

    And Android, that must be a total accident.

  • (Score: 4, Insightful) by Runaway1956 on Tuesday November 14 2017, @03:34AM (5 children)

    by Runaway1956 (2926) Subscriber Badge on Tuesday November 14 2017, @03:34AM (#596646) Journal

    The need for an AV isn't exactly "built into Android". Most of the vulnerabilities in Android are baked in by the manufacturers and the Telco customers. If the supply chain weren't so insistent on monitoring and data mining their end customers, Android would be much more secure than it is today. The open source code that Google published is NOT what you get on your "smart" phone. But, you already knew that, didn't you? If your device (phone, laptop, desktop, server, mainframe, whatever) comes with preinstalled malware, then your device is already pwned. You can't really blame the operating system when some third party also pwns your device.

    • (Score: 0) by Anonymous Coward on Tuesday November 14 2017, @03:50AM (2 children)

      by Anonymous Coward on Tuesday November 14 2017, @03:50AM (#596653)

      You have failed to understand my sarcasm. Windows and Android are both agents of the state, and their intent is to murder you in whatever way is convenient for whatever agent of the state needs you dead at that moment.

      • (Score: 2) by tibman on Tuesday November 14 2017, @02:41PM (1 child)

        by tibman (134) Subscriber Badge on Tuesday November 14 2017, @02:41PM (#596802)

        How do you see through all the chemtrails?

        --
        SN won't survive on lurkers alone. Write comments.
        • (Score: 0) by Anonymous Coward on Tuesday November 14 2017, @03:22PM

          by Anonymous Coward on Tuesday November 14 2017, @03:22PM (#596820)

          Tinfoil glasses.

    • (Score: 1) by dwilson on Tuesday November 14 2017, @05:50AM

      by dwilson (2599) Subscriber Badge on Tuesday November 14 2017, @05:50AM (#596672) Journal

      How about LineageOS? Would you call that better or worse than the pre-installed crapware?

      I've been running it since May, on a five year old phone. It shows, too. But I've always considered it worthwhile in spite of the various quirks and irritations that a not-quite-fast-enough system will manifest when running the latest and greatest.

      --
      - D
    • (Score: 2) by TheRaven on Tuesday November 14 2017, @11:18AM

      by TheRaven (270) on Tuesday November 14 2017, @11:18AM (#596748) Journal

      I run LineageOS and keep an eye on the CVE list. There have been around 400 CVEs for my phone since it was first released about 4 years ago. These are in the Linux kernel, drivers, and core bits of the Android system. None of the ones that I've seen are anything to do with a desire to monitor me from anyone in the supply chain; they're all the result of crappy coding practices at Google and OEMs.

      --
      sudo mod me up