Skip to main content

New exploit uses antivirus software to help spread malware

One of the most basic rules of safe web browsing is to use antivirus software in order to keep your computer safe. While it’s a good idea to make use of such software, but a recently discovered exploit proves that even the best antivirus software is not fool proof.

Nicknamed AVGater by Austria-based security consultant Florian Bogner, the exploit takes advantage of the “restore from quarantine” function found on many antivirus programs. The concept behind the exploit is fairly simple one. It allows a user to move a piece of malware from the quarantined folder to somewhere else on the victim’s computer, allowing the malware to be executed.

Bogner uploaded a video that provides more information on how the exploit works.

Under normal circumstances, the restore from quarantine function would not allow a non-administrator to write a file to the computer’s C:\Program Files or C:\Windows folders, but this attack takes advantage of Windows’ NTFS function to grant the user access to these folders.

As impressive as this all sounds, there is one major flaw which will drastically limit the scope of this exploit. In order to do any of this, the hacker in question must physically be at the computer they wish to infect. Given that most malware is spread via the internet, it is unlikely that this exploit will cause major problems.

Enterprise computers could be the devices most at risk to this sort of attack. While we don’t see it being a widespread problem, it’s feasible that a disgruntled employee could decide to get a little revenge, though such cases are rather limited in nature; most people won’t risk their jobs or prison for such a stunt. That being said, Bogner offered a simple fix to this problem by simply disabling the remove from quarantine feature on enterprise computers.

In terms of antivirus programs, Bogner has notified the vendors of the various software which contain this flaw and many have already rolled out patches to fix this issue.

Exploits such as this are found from time-to-time, but that shouldn’t dissuade users from installing antivirus software as it remains one of the best, though not unquestioned, ways to keep a computer safe from malware and other issues.

Editors' Recommendations

Eric Brackett
Former Digital Trends Contributor
Is ChatGPT creating a cybersecurity nightmare? We asked the experts
A person's hand holding a smartphone. The smartphone is showing the website for the ChatGPT generative AI.

ChatGPT feels pretty inescapable right now, with stories marveling at its abilities seemingly everywhere you look. We’ve seen how it can write music, render 3D animations, and compose music. If you can think of it, ChatGPT can probably take a shot at it.

And that’s exactly the problem. There's all manner of hand-wringing in the tech community right now, with commenters frequently worrying that AI is about to lead to a malware apocalypse with even the most green-fingered hackers conjuring up unstoppable trojans and ransomware.

Read more
Hackers are using a devious new trick to infect your devices
A person using a laptop with a set of code seen on the display.

Hackers have long used lookalike domain names to trick people into visiting malicious websites, but now the threat posed by this tactic could be about to ramp up significantly. That’s because two new domain name extensions have been approved which could lead to an epidemic of phishing attempts.

The two new top-level domains (TLDs) that are causing such consternation are the .zip and .mov extensions. They’ve just been introduced by Google alongside the .dad, .esq, .prof, .phd, .nexus, .foo names.

Read more
Microsoft just gave you a new way to stay safe from viruses
A dark mystery hand typing on a laptop computer at night.

Microsoft has just taken a vital step towards better protecting your devices from malware, and it’s one that could stop viruses dead in their tracks. Interestingly, though, the Redmond giant seems to have made no mention of the change, despite its significance.

The new policy might sound minor on the surface: Microsoft’s SharePoint cloud storage service can apparently now scan files that are encrypted or password-protected. Previously, this wasn’t thought to be possible.

Read more