Tag Archives: avg

AVG, McAfee, Kaspersky Fix Common Vulnerability in Their Antivirus Products

Posted on by

The security bug relates to the fact that the AVG antivirus creates a memory space with full RWX (read-write-execute) privileges where it normally runs. For that particular version of the AVG antivirus, this memory space was not randomized and was often shared with other applications, like, for example, Acrobat Reader or the enSilo product that collided with the antivirus.

If an attacker knew about the antivirus’ predictable behavior and where this address space was, they could force their malicious code to execute inside that memory address and have the same privileges as the antivirus process (which is system-level).

Source: AVG, McAfee, Kaspersky Fix Common Vulnerability in Their Antivirus Products

Malware author taunts security researchers with built-in chat

Posted on by

Security researchers from AVG were decompiling a trojan — it had been originally posted to a Diablo III forum, masquerading as a how-to video — when the malware’s author popped up in a window on their screen. It turned out that the trojan had a built-in chat, as well as a screen-capture facility. The hacker who wrote the malware saw them working on defeating her or his virus and decided to tell them off for their audacity. Franklin Zhao and Jason Zhou, the AVG researchers, wrote up their experience:

via Malware author taunts security researchers with built-in chat – Boing Boing.