Tuesday, October 31, 2006

Codecs, Drivers, and Kaspersky

Fake Codecs and Kaspersky - written by hackers?

Here's something more about fake codecs and driver security hacks: Fake Codecs

I've wondered about the potential security issues with drivers for quite some time.

A note on Kaspersky: Since it recognizes this hack, and was used in some very sophisticated hacking in commercial software server abuse (see a recent post on a hack that installs its own virus checker), I am wondering more and more about the virus scanner.

So I read more about it: This company seems to be "headquartered" in a number of countries all over the world, listing Russia first. I read that they have since moved headquarters to England and a visit to their web site reports a US address.

I bet it is the best virus checker out there...that doesn't mean I'll use it.

Let's say someone wanted to infiltrate the most protected and secure machines around the world? What would be the most effective way to do that?

Think Trojan horse.

Write the software that is protecting them of course.

Just a twisted idea for a movie plot.

Instead of making the world hate them - by sneaking things onto their machine or creating PR nightmares, as this supposed FBI keylogger (Magic Lantern) has done -- the world loves them...and invites them in...yes, protect my computer!

Here's a twisted thought: What if Kaspersky likes the idea that Microsoft is blocking out anti-virus checkers from other vendors:

Kaspersky says Vista doesn't block out anti-virus vendors

I did some research on Kaspersky just for fun...I'm sure all security software has bugs, but here's what I found...

Kaspersky Anti-Virus cab.ppl CAB Archive Handling Overflow
A remote overflow exists in Kaspersky Anti-Virus. The 'cab.ppl' engine fails to perform proper bounds checking, resulting in a buffer overflow. With a specially crafted CAB archive, a remote attacker can cause arbitrary code execution, resulting in a loss of integrity. Kaspersky Buffer Overrun
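The advisory above boils down to a parser trusting lengths and offsets it reads from the file. As an added illustration written for this page (not Kaspersky's engine or any code from the advisory), here is a bounds-checked reader for the CAB file header that refuses any declared size or offset the supplied bytes cannot back; field layout and flag values follow the MS-CAB specification, and `make_cab` builds constructed sample cabinets for testing.

```python
import struct

# CFHEADER fixed part (36 bytes, little-endian) as laid out in the MS-CAB spec.
CFHEADER_FMT = "<4sIIIIIBBHHHHH"
CFHEADER_SIZE = struct.calcsize(CFHEADER_FMT)
CFHDR_PREV, CFHDR_NEXT, CFHDR_RESERVE = 0x0001, 0x0002, 0x0004

class CabError(ValueError): pass  # raised for any field the bytes cannot back up

def _cstring(data: bytes, pos: int):
    end = data.find(b"\x00", pos)  # NUL-terminated string; never scan past the buffer
    if end < 0:
        raise CabError("unterminated string in header")
    return data[pos:end], end + 1

def parse_cab_header(data: bytes) -> dict:
    """Check every declared size and offset in a CFHEADER before trusting it."""
    if len(data) < CFHEADER_SIZE:
        raise CabError("truncated: shorter than CFHEADER")
    (sig, _, cb_cabinet, _, coff_files, _, v_minor, v_major, c_folders,
     c_files, flags, set_id, i_cabinet) = struct.unpack_from(CFHEADER_FMT, data)
    if sig != b"MSCF":
        raise CabError("bad signature")
    if cb_cabinet > len(data) or coff_files > len(data):
        raise CabError("cbCabinet/coffFiles exceed the data actually present")
    pos, cb_cffolder = CFHEADER_SIZE, 0
    if flags & CFHDR_RESERVE:  # optional block: cbCFHeader, cbCFFolder, cbCFData, abReserve
        if pos + 4 > len(data):
            raise CabError("truncated reserve sizes")
        cb_cfheader, cb_cffolder, _ = struct.unpack_from("<HBB", data, pos)
        pos += 4
        if pos + cb_cfheader > len(data):  # the unchecked length a crafted file abuses
            raise CabError(f"cbCFHeader={cb_cfheader} runs past end of data")
        pos += cb_cfheader
    names = {}
    for bit, keys in ((CFHDR_PREV, ("prev_cab", "prev_disk")), (CFHDR_NEXT, ("next_cab", "next_disk"))):
        for key in (keys if flags & bit else ()):
            names[key], pos = _cstring(data, pos)
    if pos + c_folders * (8 + cb_cffolder) > coff_files:
        raise CabError("CFFOLDER table overlaps the CFFILE table")
    return {"version": (v_major, v_minor), "folders": c_folders, "files": c_files,
            "set_id": set_id, "cabinet": i_cabinet, "folder_table_at": pos, **names}

def make_cab(flags: int = 0, cb_cfheader: int = 0, reserve: bytes = b"") -> bytes:
    """Constructed sample cabinet: one empty folder, no files; header fields set by caller."""
    body = struct.pack("<HBB", cb_cfheader, 0, 0) + reserve if flags & CFHDR_RESERVE else b""
    folder = struct.pack("<IHH", 0, 0, 0)  # coffCabStart, cCFData, typeCompress
    coff_files = CFHEADER_SIZE + len(body) + len(folder)
    return struct.pack(CFHEADER_FMT, b"MSCF", 0, coff_files, 0, coff_files, 0,
                       3, 1, 1, 0, flags, 0x1234, 0) + body + folder
```

A cabinet whose reserve length claims more bytes than exist, a truncated header, or a folder count that would run into the file table is rejected before any of those values are used as a length or index.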

"The recent compromise at Kaspersky Labs, in which subscribers were potentially duped into accepting fake updates which contained the Bridex Worm, demonstrates the critical importance of this enhanced approach to update security," said John Sharp, president and CEO of Authentium in a statement...Kaspersky fake downloads

Something that someone else will need to interpret: Congrats, you've detected Kaspersky AV

Here's another article worth a look - on security problems with your anti-virus software. One of the problems with Panda could leave your machine open to a complete take-over by a hacker. A seemingly innocent error...

Security problems in Security Software

Who's auditing the virus scanners and security software?

And who's to say all distributions of a particular software are the same?

And who's to say things aren't hiding in plain sight?

Ok yeah it's just a thought. Just kidding. Kind of.

Verify, validate, audit.