ATTK of the Pwns: Trend Micro's antivirus tools 'will run malware – if its filename is cmd.exe'

Try not to save files to your Windows PC called cmd.exe or regedit.exe


A flaw in the Trend Micro Anti-Threat Toolkit can be exploited by hackers to run malware on victims' Windows computers.


Bug-hunter John "hyp3rlinx" Page took credit for uncovering CVE-2019-9491, an arbitrary code execution flaw in the security tool.


In short, the Trend software can be tricked into executing any old piece of software under the sun, including malware, when it is scanned, provided the filename is cmd.exe or regedit.exe. No, really.


"Trend Micro Anti-Threat Toolkit (ATTK) will load and execute arbitrary .EXE files if a malware author happens to use the vulnerable naming convention of 'cmd.exe' or 'regedit.exe'," hyp3rlinx explained on Saturday.


"And the malware can be placed in the vicinity of the ATTK when a scan is launched by the end user."


In other words, your Trend antivirus software can be tricked into running a virus. That's… not good. It means if you can save a file on someone's PC as cmd.exe or regedit.exe, via a download or email or something like that, and they're running ATTK, you can now run malicious code on their machine.
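A pre-scan check for the condition described above, as an added example that is not from the article or from Trend Micro: it walks the folder the toolkit would be launched from and reports any file named cmd.exe or regedit.exe that sits outside the Windows system directories. The sample folder, the `attk_tool.exe` name and the file contents are constructed placeholders, and the trusted-directory list assumes a default Windows layout.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Filenames the advisory quoted above says ATTK will load and execute.
RISKY_NAMES = {"cmd.exe", "regedit.exe"}


def trusted_dirs():
    """Directories holding the genuine binaries (assumption: default layout)."""
    root = Path(os.environ.get("SystemRoot", r"C:\Windows"))
    return {root, root / "System32", root / "SysWOW64"}


def find_planted(scan_dir, trusted=None):
    """Return sorted [(path, sha256)] for risky-named files under scan_dir."""
    trusted = {Path(t).resolve() for t in (trusted or trusted_dirs())}
    hits = []
    for dirpath, _dirs, files in os.walk(scan_dir):
        here = Path(dirpath).resolve()
        if here in trusted:
            continue  # genuine system copies are expected here
        for name in files:
            # Windows filenames are case-insensitive, so CMD.EXE counts too.
            if name.lower() in RISKY_NAMES:
                path = here / name
                digest = hashlib.sha256(path.read_bytes()).hexdigest()
                hits.append((str(path), digest))
    return sorted(hits)


def demo():
    """Constructed sample: a download folder with the toolkit and a lookalike."""
    with tempfile.TemporaryDirectory() as tmp:
        downloads = Path(tmp) / "Downloads"
        downloads.mkdir()
        # Hypothetical toolkit filename and placeholder contents.
        (downloads / "attk_tool.exe").write_bytes(b"placeholder scanner")
        (downloads / "CMD.EXE").write_bytes(b"placeholder lookalike")
        (downloads / "notes.txt").write_bytes(b"harmless")
        return [Path(p).name for p, _ in find_planted(downloads)]


if __name__ == "__main__":
    print(demo())
```

The returned SHA-256 values let a responder compare each hit against the known-good system binary before deciding whether to quarantine it.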


"Since the ATTK is signed by verified publisher and therefore assumed trusted any MOTW security warnings are bypassed if ..
