Antivirus Engines as attack weapons for hackers

You will not believe this, but it is true, four researchers from Germany have turned antivirus engines into attack weapons, and if that is not scary enough, they have also explained the attack step by step, so action can be taken (on time).

The universities that participated:

  • Institute of System Security, TU Braunschweig
  • Institute of Computer Science, University of Göttingen

Names of the researchers:

  • Christian Wressnegger
  • Kevin Freeman
  • Fabian Yamaguchi
  • Konrad Rieck

Bleepingcomputer reports that the attack is centered on malware signatures, malware signatures are unique identifiers that are used by the malware. These unique identifiers are used by antivirus engines to detect unwanted files and processes.

The researchers state that they can initiate an antivirus-assisted attack which can result in the deletion or corruption of important system files or data. In short, they trick the antivirus into believing that specific ‘legitimate’ files contain malware signatures. The antivirus then initiates a process that matches to that malware signature. Resulting in an unwanted action.

Average overlap (ratio of identical bytes) of signatures derived from 5 antivirus programs

If you are interested in this research, you can read the paper here, or via the official source.

Founder of Cyberwarzone.com.