SUMMARY: The security of modern computer systems heavily depends on security tools, especially on antivirus software solutions. In the anti‐malware research community, the development of techniques for evading detection by antivirus software is an active research area. This has led to malware that can bypass or subvert antivirus software. The common strategies deployed include the use of obfuscated code and staged malware whose first instance (usually an installer such as a dropper or downloader) is not detected by the antivirus software. Increasingly, modern malware is staged so that it is not detected by antivirus solutions at the early stage of an intrusion. The installers then determine the method for further intrusion, including antivirus bypassing techniques. Some malware targets boot and/or shutdown time, when antivirus software may be inactive, so that it can perform its malicious activities. However, there is another time frame during which antivirus solutions may be inactive, namely, the time of update. All antivirus software shares a unique characteristic: it must be updated at a very high frequency to provide up‐to‐date protection of its system. In this paper, we suggest a novel attack vector that targets antivirus updates and show practical examples of how a system and the antivirus software itself can be compromised during the update of the antivirus software. Local privilege escalation using this vulnerability is also described. We have investigated this design vulnerability with several of the major antivirus software products, such as Avira, AVG, McAfee, Microsoft, and Symantec, and found that they are vulnerable to this new attack vector. The paper also discusses possible solutions that can be used to mitigate the attack in the existing versions of the antivirus software as well as in future ones. Copyright © 2013 John Wiley & Sons, Ltd.
The smart grid, the future power grid, is expected to provide better energy efficiency, more customer choices, and improved reliability and security. As the smart grid is an integrated system that consists of multiple subsystems, understanding it as a whole is required to fully understand the security risks it faces. In this paper, a sophisticated malware attack specific to cyber-physical systems (CPS) and aimed at the smart grid is proposed. The paper first outlines the architecture of the smart grid in general. Then we present the characteristics of recent malware attacks targeting CPS, such as Stuxnet and Shamoon. These lead to the design of our proposed attack, which incorporates the key features of the smart grid architecture and of the recent real attacks. One key aspect of the proposed attack is that it manipulates various physical field devices as well as cyber systems to illustrate how a blackout is possible even in the security-improved smart grid environment. Then, we explain the application of defensive techniques in the context of the suggested attack. Lastly, a prototype implementation showing the effectiveness of the attack and of the defensive measures is described.
SUMMARY: Major anti-virus solutions have introduced a feature known as 'self-protection' so that malware (and even users) cannot modify or disable the core functionality of their products. In this paper, we have investigated 12 anti-virus products from four vendors (AVG, Avira, McAfee and Symantec) and have discovered that they have certain security weaknesses that can be exploited by malware. We have then designed a novel malware, which makes use of the weaknesses in anti-virus software and embeds itself to become a part of the vulnerable anti-virus solution. It subverts the self-protection features of several anti-virus software solutions. This malware-integrated anti-virus enjoys several advantages, such as longevity (the anti-virus is active while the system is running), improved stealthy behaviour, the highest privilege and the capability to bypass security measures. Then we propose an effective defence against such malware. We have also implemented the defensive measure and evaluated its effectiveness. Finally, we show how the proposed defence can be applied to the current versions of vulnerable anti-virus solutions without requiring significant modifications.
In this paper, we propose an advanced malware, anti-virus parasitic malware (AV-Parmware). It attacks protected components of anti-virus software by exploiting their security weaknesses, and compromises the target systems by being a parasite on the anti-virus. We have investigated 18 anti-virus solutions from seven major anti-virus software vendors and have discovered that 12 products from four vendors (AVG, Avira, McAfee, and Symantec) have certain security weaknesses that can be utilised in the proposed malware. There are several advantages to being an anti-virus parasitic malware, including longevity (the anti-virus runs while its system is up), improved stealthy behaviour, the highest privileges and the capability to bypass security measures such as egress filtering. We have implemented our proposed parasitic malware and have shown that all these advantages are achieved in practice.