Caution: The Abrupt Turn! The Cyber Attack Story Continues with Antivirus
Updated on July 13, 2021: From now on, traffic filtering, malware protection, and suspicious DNS activity blocking are available as a part of the separate DNS Firewall app.
Modern technologies and communication in social networks are developing rapidly. At the same time, the black market, with its cyber threats and attacks, is not showing signs of slowing down either. With this in mind, we would like to bring up one threat that can harm the majority of internet users. This may sound kind of strange, because an antivirus should be on your side, but here it is actually turned against you.
So, what is the reason for concern and why should you care?
A team of four researchers from two universities in Germany has found a way to use an antivirus program’s scanning engine as a tool for causing cyber havoc. In other words, it’s dangerous. The threat targets the decades-old signature-based methodology, which uniquely identifies a specific “known” virus in a short time and with high detection rates. This process involves checking the contents of files against a dictionary of malicious software.
While scanning a new object, the AV engine can quickly determine its digital signature. When an anti-malware solution provider recognizes a file as malicious, its signature is added to the list of known malicious software. If some bit of code matches an entry on this list, the AV flags it as malware and either deletes the file or sends it to quarantine.
Removing cookies and logs by means of AVs
The researchers say that if cyber criminals are able to retrieve signatures from the antivirus engine or understand how it works, they will use the AV software as a means to destroy confidential and valuable files. For instance, if a copy of a malware signature is inserted into, say, a legitimate file, the antivirus will treat that file as malware. There are then two possible outcomes: the file is removed or it is put in quarantine. This gives hackers an opportunity to do much more harm to the work of an entire company.
The digital investigators succeeded in getting malware signatures from five scanning engines, one of which was ClamAV, an open-source antivirus tool. It is a free platform for detecting trojans, viruses, and other malicious threats. The researchers then performed three types of attacks by means of signatures:
1. Masking password guessing by erasing app logs
2. Removing users’ emails
3. Simplifying attacks by deleting browser cookies
Although this online danger looks imminent, there is good news and still a reason to remain calm. According to Dr. Bontchev, a founding member of CARO (the Computer Antivirus Research Organization), “Nowadays much more advanced methods are used for malware detection. In some cases ‘scan strings’ are not used at all. Most of the time, they are used only as a hint to the scanner to engage its more sophisticated (but slower) detection algorithms.”
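The difference between treating a scan string as a verdict and treating it only as a hint can be seen in the small example below, which is added here and is not code from the researchers or from any antivirus product. The signature, the sample files and the header-magic check standing in for the slower second stage are all constructed assumptions.

```python
# Constructed toy signature database (name -> scan string); not real AV signatures.
SIGNATURES = {"Toy.Test.A": b"TOYSIG{constructed-pattern-0001}"}
PATTERN = SIGNATURES["Toy.Test.A"]

# Constructed sample inputs.
# A text log in which one request-supplied field (user=) carries the scan string.
LOG = (b"2021-07-13 10:00:01 login failed user=alice\n"
       b"2021-07-13 10:00:02 login failed user=" + PATTERN + b"\n"
       b"2021-07-13 10:00:03 login failed user=alice\n")
# A file that starts with an executable magic number and contains the same string.
BINARY = b"MZ" + b"\x00" * 62 + PATTERN


def naive_scan(data: bytes):
    """Scan string as verdict: a match anywhere in the file names it as malware."""
    for name, pattern in SIGNATURES.items():
        if pattern in data:
            return name
    return None


def looks_executable(data: bytes) -> bool:
    """Assumed stand-in for the slower second stage: a PE or ELF header magic check."""
    return data.startswith(b"MZ") or data.startswith(b"\x7fELF")


def two_stage_scan(data: bytes):
    """Scan string as hint: a match only triggers the second stage, which picks the action."""
    hit = naive_scan(data)
    if hit is None:
        return ("clean", None)
    if looks_executable(data):
        return ("quarantine", hit)
    # Match inside a non-executable file: keep the file and raise an alert for review.
    return ("alert-only", hit)


if __name__ == "__main__":
    print("naive verdict on log:", naive_scan(LOG))
    print("two-stage on log:    ", two_stage_scan(LOG))
    print("two-stage on binary: ", two_stage_scan(BINARY))
```

With the naive scanner the log file itself is reported as malware and would be deleted or quarantined; with the two-stage scanner the log survives and only an alert is raised.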
So, how can we help you?
Our KeepSolid team has inspected this threat and analyzed the feasibility of antivirus-assisted attacks as well. Of course, you cannot be protected from all internet threats, no matter what other security experts may say, yet VPN Unlimited will surely minimize the risk as much as possible. Furthermore, the KeepSolid DNS Firewall feature does not work with users’ files on their computers, which is why this attack hasn’t affected our product. In addition, it blocks domain names that distribute viruses and malware, reducing the threat so you can sleep well.
Download VPN Unlimited to keep that private data under lock and enjoy your privacy.