Although Microsoft keeps making Windows Defender a more capable security product, many still consider third-party antivirus tools essential to keep malware from compromising their computers. No system is immune to attack, and Microsoft's platforms are where attackers concentrate their efforts the most.
Antivirus can be hacked
But it turns out that installing antivirus protection can be a double-edged sword, because a security vulnerability in such software can allow cybercriminals to abuse the quarantine restore option and, ultimately, infect the target device.
Security researcher Florian Bogner discovered the vulnerability in the engines of several antivirus products and, as he explained in an in-depth analysis, it lets attackers simply move a quarantined malware file to a sensitive location on the local drive, where it can do more damage.
His demonstration boiled down to a phishing attack that was blocked by the antivirus software when the malware sample was detected. Once the file had been moved to quarantine, the vulnerability, which he named AVGater, allowed an unprivileged user to access the content that had been marked as infected.
Disable quarantine file restoration
By abusing Windows features such as NTFS directory junctions and the dynamic-link library (DLL) search order, an infected file could be moved from quarantine to a sensitive location on the hard drive.
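As an added example that is not part of the article or of Bogner's research, the following PowerShell snippet takes the defender's side of the mechanism described above: it lists NTFS directory junctions under user-writable paths whose target resolves into a protected system directory, which is the kind of redirect an abuse of quarantine restore would rely on. The scan roots, protected targets and recursion depth are assumptions to adapt to your environment.

```powershell
# Added example, not from the article. Heuristic: a junction created in a
# user-writable location that points into a protected system directory is
# the kind of redirect an abuse of quarantine restore would rely on.
# The roots, protected targets and depth below are assumptions.
function Get-SuspiciousJunction {
    param(
        [string[]]$Roots = @("$env:SystemDrive\Users", "$env:SystemRoot\Temp"),
        [string[]]$Protected = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64", $env:ProgramFiles),
        [int]$Depth = 6   # bounded so recursion cannot loop through junctions
    )
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Directory -Recurse -Depth $Depth -Force `
                      -Attributes ReparsePoint -ErrorAction SilentlyContinue |
            Where-Object { $_.LinkType -eq 'Junction' } |
            ForEach-Object {
                # Target is string[] on Windows PowerShell 5.1 and string on PowerShell 7
                $target = [string]($_.Target | Select-Object -First 1)
                foreach ($p in $Protected) {
                    if ($target -and $target.StartsWith($p.TrimEnd('\'), 'OrdinalIgnoreCase')) {
                        # Owner matters: a junction into System32 owned by a
                        # standard user is the case worth investigating
                        [pscustomobject]@{
                            Junction = $_.FullName
                            Target   = $target
                            Owner    = (Get-Acl -LiteralPath $_.FullName).Owner
                        }
                    }
                }
            }
    }
}

# Usage: run from an elevated session so every profile directory is readable
Get-SuspiciousJunction | Format-Table -AutoSize
```

An empty result does not prove the host is clean; it only means no junction currently redirects a user-writable path into the listed system directories.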
Bogner says that several major antivirus vendors have been affected by the vulnerability, and some have already released patches, including Trend Micro, Emsisoft, Malwarebytes, Kaspersky and ZoneAlarm. Others will follow soon, but no further details will be provided while those companies are still working on patches.
AVGater requires local access to the target system, which means the vulnerability cannot be exploited remotely. A successful attack, however, can give an attacker total control over the system, they warn.
Needless to say, the best way for users to stay safe is to install the latest versions of their antivirus software. Bogner also recommends that administrators disable the quarantine restore functionality until the patches are deployed.
As we always say, the security of our devices is fundamental to their proper functioning. Having good, fully updated security software is the best way to face possible external threats.
Malware attacks have unfortunately increased notably in recent times, and their variety matters too. There are also many ways a device can become infected, so we need a good antivirus. But common sense is just as important: that is to say, it still takes us clicking somewhere or installing an infected application.