Author Topic: Exploit uses antivirus quarantine to release malware (Read 1270 times)

jperl13 · « **on:** November 13, 2017, 01:16:52 PM »

Exploit uses antivirus quarantine to release malware

https://www.neowin.net/news/exploit-uses-antivirus-quarantine-to-release-malware

Several unnamed products have been tested for AVGater prior to the disclosure of the exploit. Kaspersky, Malwarebytes, ZoneAlarm, Trend Micro, Emsisoft, and Ikarus have all released patches, as of publishing.

polonus · « **Reply #1 on:** November 13, 2017, 03:58:19 PM »

Posted in the generals, we might get an answer: https://forum.avast.com/index.php?topic=210810.msg1430712#new

polonus

RejZoR · « **Reply #2 on:** November 13, 2017, 08:00:09 PM »

avast! actually encrypts Chest content. Meaning you can't just move the malware from "quarantine" space into whatever spot you want and make it functional there. I could be wrong, but I'd say this "AVGater" only works if AV just "isolates" the malware by moving it from original location into a "quarantine" folder. Though I'm not really aware of any AV that would be doing this. Only Bitdefender Free which just denies access to a file, but leaves it where it is and gives entry in the interface "Quarantine" virtually. File is blocked, but isn't really moved from original location.

Author Topic: Exploit uses antivirus quarantine to release malware (Read 1270 times)

jperl13

Exploit uses antivirus quarantine to release malware

polonus

Re: Exploit uses antivirus quarantine to release malware

RejZoR

Re: Exploit uses antivirus quarantine to release malware