Researchers Discover New Attack Bypassing Almost All Antivirus Protections
Researchers at matousec.com have discovered a new method that renders almost all antivirus protections useless. Basically it works by a simple bait-and-switch: safe code is submitted and passes the check, then, before it is executed, it is swapped for damaging code. Timing is usually the key factor: switch too early and the swap is detected; too late and the original safe code has already been executed. However, it seems the trick makes use of multi-threaded processing, as the antivirus program is unable to keep track of other threads running at the same time, according to the researchers.
theregister.co.uk - Researchers say they've devised a way to bypass protections built into dozens of the most popular desktop anti-virus products, including those offered by McAfee, Trend Micro, AVG, and BitDefender.
The method, developed by software security researchers at matousec.com, works by exploiting the driver hooks the anti-virus programs bury deep inside the Windows operating system. In essence, it works by sending them a sample of benign code that passes their security checks and then, before it's executed, swaps it out with a malicious payload.
Full article here, including more information on the limitations and weaknesses of the exploit.
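The timing problem the article describes is a check-then-use race: the hook validates a buffer, and a second thread changes it before the validated buffer is acted on. The user-space simulation below is an added example, not code from the article or from matousec.com; the buffer contents, thread roles and function names are all constructed for illustration. It contrasts a checker that reads the shared buffer twice with one that snapshots the buffer first and only ever checks and uses the snapshot, which is the defensive pattern (copy, then validate the copy) that closes this class of race.

```c
// Added example (not from the article or matousec.com): simulating the
// check-then-use race against a hook that validates a buffer in place.
#include <pthread.h>
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16
static const char BENIGN[BUF_LEN]  = "benign-payload";   /* constructed sample */
static const char FLAGGED[BUF_LEN] = "FLAGGED-payload";  /* constructed sample */

static char shared[BUF_LEN];      /* buffer both the "hook" and the swapper touch */
static atomic_bool running;

/* Stand-in for the scanner's verdict: anything containing "FLAGGED" is bad. */
static bool passes_check(const char *buf) { return strstr(buf, "FLAGGED") == NULL; }

/* Swapper thread: flips the shared buffer while the checks are running.
   (The unsynchronised writes are the race being simulated; byte 15 is NUL in
   both samples, so a torn copy is still a terminated string.) */
static void *swapper(void *arg) {
    (void)arg;
    for (int i = 0; atomic_load(&running); i++)
        memcpy(shared, (i & 1) ? FLAGGED : BENIGN, BUF_LEN);
    return NULL;
}

/* Unsafe: the check and the use each re-read the shared buffer, so a swap between
   the two reads lets flagged content through. Returns how often that happened. */
int race_unsafe(int rounds) {
    int used_flagged = 0;
    for (int i = 0; i < rounds; i++)
        if (passes_check(shared) && !passes_check(shared)) used_flagged++;
    return used_flagged;
}

/* Safe: copy once, then check and use the private copy. Whatever the swapper
   does afterwards cannot change what was validated. Always returns 0. */
int race_safe(int rounds) {
    int used_flagged = 0;
    char snapshot[BUF_LEN];
    for (int i = 0; i < rounds; i++) {
        memcpy(snapshot, shared, BUF_LEN);
        if (passes_check(snapshot) && !passes_check(snapshot)) used_flagged++;
    }
    return used_flagged;
}

/* Runs one checker with the swapper thread active and returns its count. */
int run_with_swapper(int (*checker)(int), int rounds) {
    pthread_t t;
    memcpy(shared, BENIGN, BUF_LEN);
    atomic_store(&running, true);
    pthread_create(&t, NULL, swapper, NULL);
    int result = checker(rounds);
    atomic_store(&running, false);
    pthread_join(t, NULL);
    return result;
}
```

How often race_unsafe is caught out depends on scheduling and core count, so only race_safe has a fixed result.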