Author Topic: Security hole in Bitdefender's scan-engine based av-solutions.  (Read 4501 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 32610
  • malware fighter
Security hole in Bitdefender's scan-engine based av-solutions.
« on: January 21, 2020, 10:38:48 PM »
Where specially crafted RAR-files makes av-solutions won't scan that specific malcode.
It goes under the radar.

This issue is with av solutions that make use of Bitdefender's scan-engine, like Bullguard, G Data, Emisoft.

Read: https://blog.zoller.lu/p/from-low-hanging-fruit-department.html
https://www.centos.org/forums/viewtopic.php?t=65285

Others that make use of Bitdefender's engine:
Auslogics Antivirus
e-Scan,
IObit Advanced SystemCare with Antivirus 2013
F-Secure,  (no longer using - thanks, Pondus  ;)
Hauri (ViRobot)
Imen,
Immunet,
Lavasoft Total Security,
MultiCore Antivirus
Qihoo 360,
RadialPoint,
Roboscan Internet Security
SafeNSoft,
SecurityCoverage,
SourceNext,
SurfRight,
TrustPort,
VirusChaser,
Zenok.
AV-Defender

Question - Is avast av also vulnerable?

Second time after the BZIP-file issue malcoded RAR-files fool av-scanners.

polonus
« Last Edit: January 22, 2020, 05:50:32 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36730
Re: Security hole in Bitdefender's scan-engine based av-solutions.
« Reply #1 on: January 22, 2020, 01:50:55 AM »
Quote
Others that make use of Bitdefender's engine:
Auslogics Antivirus
e-Scan,
IObit Advanced SystemCare with Antivirus 2013
F-Secure,
...................
...................
...................
F-Secure moved to Avira engine in 2018/2019



« Last Edit: January 22, 2020, 09:28:13 PM by Pondus »

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 32610
  • malware fighter
Re: Security hole in Bitdefender's scan-engine based av-solutions.
« Reply #2 on: January 26, 2020, 05:29:47 PM »
Many more av solutions could meet with such 0-day disasters inside their software...as trendmicro has recently:

But it is really scaring when you are being attacked by a zero day inside the av-solution that should protect you.
How harsh? Read: http://www.mitsubishielectric.co.jp/news/2020/0120-b.pdf
Re: https://success.trendmicro.com/solution/000151730 & https://twitter.com/kterashita/status/1219425905262526464

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!