NOD32 misses exec-only malware?

By

Researcher claims NOD32 flaw remains unsolved after tip-off.

A security researcher has claimed that NOD32 anti-virus will not remove malware that has executable but not read or write permissions.


The researcher claimed NOD32 allowed malware "to run unimpeded" but the company did not respond to attempts to confirm the flaw.

Avast anti-virus was also affected although it later fixed the flaw after it was notified.

The researcher said Eset, which owns NOD32, did not respond when it was privately notified of the flaw.

"The vulnerability discussed here is that some antivirus software fail to perform their functions if the malware file is missing read, write or delete permissions," the researcher said. "They might not scan the file contents, not delete, or not disinfect it."

The anti-virus flaw was detected with NOD32 running on a virtualised Windows XP Professional SP3 using the Back Orifice 2000 server file (bo2k.exe) with file permissions set to only allow execution.

NOD32 versions 5.0.93.0, 5.0.94.0 and earlier, 4.2.71.2 and earlier and 4.0.x were reportedly affected.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident

China blamed after cyberattack hits Czech Republic

China blamed after cyberattack hits Czech Republic

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?