[virusinfo] virus infiltrates McAfee and Trend

• From: "Mike" <mikebike@xxxxxxxxx>
• To: virusinfo@xxxxxxxxxxxxx
• Date: Tue, 22 Mar 2005 11:30:41 -0800

Virus infiltrates McAfee and Trend



Elizabeth Millard, www.cio-today.com 
A vulnerability has been discovered in the McAfee AntiVirus library, which
is used in many of the company's desktop, server and gateway products. 


Reported by Atlanta-based security firm Internet Security Systems (Nasdaq:
ISSX - news) (ISS), the problem appears when a malformed file in the
compressed LHA format is processed by the library. When such an event
occurs, a stack overflow can be triggered, allowing an attacker to execute
malicious code. 


The McAfee product is used to parse different file formats to detect
malware. 


Other security software makers have had similar trouble lately as well.
Compressed file processing in a library engine also produced flaws in Trend
Micro's (Nasdaq: TMIC - news) antivirus products. 


Open Hole 


Successful exploit of the McAfee vulnerability could lead to unauthorized
access to networks and machines that are protected by the McAfee AntiVirus
library product, according to ISS. 


Implementations of McAfee AntiVirus library are likely vulnerable through
common protocols like SMTP, HTTP and FTP, the security firm reported. 


No authentication is required for an attacker to exploit the flaw, leading
ISS to conclude that the library implementations are vulnerable in their
default configurations. 


Tempting Target 


Antivirus programs are attractive to virus writers because they involve a
large number of users and can guarantee a fairly high infection rate,
especially if the program is popular, said Thomas Kristensen, security
researcher at Secunia. 


In early February, Secunia and several other firms reported on
vulnerabilities in a number of Symantec's (Nasdaq: SYMC - news) products. 


"It's appealing to attackers to find exploits in antivirus," Kristensen
told CIO Today. "But we can take comfort in the fact that it's security
firms finding these flaws first. Obviously, it would be pretty bad if
malicious guys had gotten there before everyone else." 


Future Threat 


Despite the recent holes seen in McAfee and Symantec products, generally
there have not been many vulnerabilities reported in antivirus software,
said Kristensen. 


However, it is possible that these types of programs will draw the
attention of attackers in the future, especially as more users download
antivirus protection. 


"Antivirus software is usually very complex, so although it would be nice
if the programs were flawless, it's natural for errors to occur," he noted.
"Sadly, it's just bound to happen."

Submited by Bonnie
*********** MIKE"S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 

Other related posts:

• » [virusinfo] virus infiltrates McAfee and Trend

1. Home
2. virusinfo
3. Archive
4. 03-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---