NOD32 misses exec-only malware?

By on

Researcher claims NOD32 flaw remains unsolved after tip-off.

A security researcher has claimed that NOD32 anti-virus will not remove malware that has executable but not read or write permissions.

The researcher claimed NOD32 allowed malware "to run unimpeded" but the company did not respond to attempts to confirm the flaw.

Avast anti-virus was also affected although it later fixed the flaw after it was notified.

The researcher said Eset, which owns NOD32, did not respond when it was privately notified of the flaw.

"The vulnerability discussed here is that some antivirus software fail to perform their functions if the malware file is missing read, write or delete permissions," the researcher said. "They might not scan the file contents, not delete, or not disinfect it."

The anti-virus flaw was detected with NOD32 running on a virtualised Windows XP Professional SP3 using the Back Orifice 2000 server file (bo2k.exe) with file permissions set to only allow execution.

NOD32 versions, and earlier, and earlier and 4.0.x were reportedly affected.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

In Partnership With

Most Read Articles

Log In

Username / Email:
  |  Forgot your password?