Hackers disable certain services to avoid detection till the attack is complete.
Even the computer’s guardian can serve as a trojan. After phishing, pharming and vishing, security experts have found that malware is increasingly spreading through the very tool meant to guard against it: the antivirus software. Users don’t suspect that their antivirus software can also be compromised.
iViz, an information security company, has detected multiple vulnerabilities in commonly-used antivirus software, which make the software susceptible to hacking.
Bikash Barai, CEO, iViz, said: “A hacker can send a mail with an infected file and while processing it, the antivirus software can be compromised.”
Amuleek Bijral, country manager, India & Saarc, RSA, the security division of EMC, said: “There is a strong possibility of antivirus software being hacked, as antiviruses only delete and detect known viruses. For instance, if a friend or colleague developed a virus and mailed it to your id, the firewall and antivirus will just assume that it is a fine program and not a virus. However, some antiviruses detect malicious actions and block them. In short, you can never be safe on the internet with just an antivirus as it is a point solution.”
An antivirus is a point solution and its function is to block virus attacks. It is difficult for a point solution to provide comprehensive protection to a system. Around 90 per cent of attacks are carried out for financial gain rather than for fun, and are launched by professional, organised hackers.
“The hacker just has to change signatures randomly to get past the software. So, it is not difficult at all for a hacker to get past an antivirus solution,” Bijral added.
Changes in the malware landscape have led to the creation of multiple variants of different malware strains and targeted attacks. Industry observers believe the antivirus and antispam software of major companies like Sophos, ClamAV and BitDefender has been compromised.
Murali Talasila, director, forensic technology services, KPMG, says: “An instance of antivirus hacking, and which is spreading, is that during home calls — when an antivirus is sending updates to the client — some other page appears instead of the antivirus’. This is a recent phenomenon and a niche area of hacking.”
Nitin Jyoti, manager, anti-malware research, McAfee, said antivirus software is just like any other software. Vishal Dhupar, managing director, Symantec India, agreed: “If an antivirus software is not protected from malicious attacks, then it is vulnerable and can be hacked, but if an antivirus software is protected from tampering of the critical antiviral processes and programs, then it is secure.”
Symantec has a feature called ‘Tamper Protection’ which detects any modification to antivirus processes as well as programs and blocks those changes. “What hackers normally do is to target anti-virus programs as well as processes and shut these down or disable the services so that the program will not recognise any attack. After the attack is done, they turn it on to avoid detection that anti-virus was turned off,” Dhupar added.
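The stop-then-restart pattern Dhupar describes leaves a gap in the service's state history even when the antivirus looks healthy afterwards. The following is an added example, not code from the article or from any vendor, that reconstructs those gaps and lists what ran inside them; the log format, the service name `ExampleAV` and the process names are constructed assumptions.

```python
from datetime import datetime

# Constructed sample log (hypothetical format and names, not from a real product).
SAMPLE_LOG = """\
2024-05-01T09:00:00 service=ExampleAV state=running
2024-05-01T10:15:02 service=ExampleAV state=stopped
2024-05-01T10:15:40 process=invoice_viewer.exe action=started
2024-05-01T10:17:05 process=updater_tmp.exe action=started
2024-05-01T10:19:30 service=ExampleAV state=running
2024-05-01T11:00:00 process=notepad.exe action=started
2024-05-01T13:30:00 service=ExampleAV state=stopped
2024-05-01T13:31:00 process=sync_tool.exe action=started
"""

def parse(log_text):
    """Yield (timestamp, fields) for each 'ts key=value ...' line."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, *pairs = line.split()
        yield datetime.fromisoformat(ts), dict(p.split("=", 1) for p in pairs)

def find_protection_gaps(log_text, av_service):
    """Return windows in which av_service was stopped, with activity seen inside.

    A gap that is never closed (service still off at end of log) has end=None.
    """
    gaps, current = [], None
    for ts, f in parse(log_text):
        if f.get("service") == av_service:
            if f["state"] == "stopped" and current is None:
                current = {"start": ts, "end": None, "seconds": None, "processes": []}
            elif f["state"] == "running" and current is not None:
                current["end"] = ts
                current["seconds"] = (ts - current["start"]).total_seconds()
                gaps.append(current)
                current = None
        elif current is not None and "process" in f:
            current["processes"].append(f["process"])  # ran while AV was off
    if current is not None:
        gaps.append(current)  # protection still disabled when the log ends
    return gaps

if __name__ == "__main__":
    for gap in find_protection_gaps(SAMPLE_LOG, "ExampleAV"):
        print(gap["start"], "->", gap["end"], gap["seconds"], gap["processes"])
```

The state history should be read from a copy forwarded off the host, since a local log can be altered by whoever stopped the service.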