Avast, AVG, Windows Defender and other popular anti-virus software put you at risk

0
Avast, AVG, Windows Defender and other popular anti-virus software put you at risk
Avast, AVG, Windows Defender and other popular anti-virus software put you at risk

Or Yair, a cybersecurity researcher, claims that a large number of popular anti-virus software pieces, such as those produced by Microsoft, TrendMicro, and Avast, can be used to wipe out data from a computer. Anti-virus programs such as these are widely used across the globe, making it an alarming report because they are widely used around the globe. 

A cybersecurity firm SafeBreach has explained how the exploit works in a Proof-of-Concept document titled “Aikido” using what is called a “time-of-check to time-of-use” (TOCTOU) method in order to explain how it works. 

Using the force and movement of your opponent to your advantage is the basic principle behind Aikido, a Japanese martial art. 

In a nutshell, here’s what we do

According to the document, the vulnerability can be exploited to enable a variety of cyber-attacks often referred to as “Wipers”, which are used to attack targets in offensive war situations. An example of a wiper in cybersecurity is a type of malware that is capable of erasing the entire hard drive of a computer that it is infected with. Additionally, it is capable of deleting data as well as programs maliciously.

READ MORE: Morocco’s Dream Run in FIFA World Cup Was Predicted in a Movie in 2006 [Video]

According to the slide deck, the exploit redirects the “superpower” available to endpoint detection programs to be able to “delete all files, regardless of their privileges”. It outlines how to create a malicious file in the folder “C:/temp/Windows/System32/drivers/ndis.sys” in order to carry out the attack.

It holds the handle and forces the “AV/EDR to postpone the deletion until after the next reboot”, making it harder to detect. As a result, the exploit is able to hold the handle for a long time. 

In the next step, it deletes the “C:temp” directory and creates a junction in the “C.temp –> C :/” directory before rebooting the computer. 

Software that is affected by the virus

According to Aikido, only a few of the most well-known antivirus brands have been affected as a result of this attack.

According to the researcher, some examples of vulnerable programs are Microsoft Defender, Defender for Endpoint, SentinelOne EDR, TrendMicro Apex One, Avast Antivirus, and AVG Antivirus in the slide deck he prepared. 

It is still possible to have a secure environment with some products, such as Palo Alto, XDR, Cylance, CrowdStrike, McAfee, and BitDefender. 

LEAVE A REPLY

Please enter your comment!
Please enter your name here