Antivirus Vendors Patch Bug First Discovered 10 Years Ago

Four antivirus providers have released patches for an issue that was initially detailed by a researcher more than 10 years ago.


Reported by Thierry Zoller in 2009, the bug resides in an attacker’s ability to craft compressed archives that, although accessible to a user, cannot be scanned by the antivirus product.


The flaw, Zoller explains, does not refer to a single archive format, but to the user’s ability to alter a compressed archive in such a manner that it becomes inaccessible to the AV software. Multiple types of archive formats can be used, including ISO, ZIP, and Bz2.


The bug has a low impact on the client side, considering that the user can inspect the file after extraction, but severely impacts any email gateways or antivirus infrastructure, given that the archive cannot be automatically decompressed to inspect its content.
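The gateway failure mode described above is really a policy question: does the scanner treat "could not unpack" as "no threat found"? The following added example (not code from the article or from Zoller's research) shows a fail-closed check in Python's standard `zipfile`, with constructed sample archives: a clean one, one whose stored member has a flipped payload byte so its CRC no longer matches, and one with a truncated end-of-central-directory record. The verdict labels are assumptions chosen for illustration.

```python
import io
import zipfile
import zlib

# Errors that mean the scanner could not fully read a member; fail closed on all of them.
PARSE_ERRORS = (zipfile.BadZipFile, NotImplementedError, RuntimeError,
                OSError, EOFError, zlib.error)


def gateway_verdict(data: bytes) -> dict:
    """Return {'verdict': 'scanned'|'quarantine', 'members': [...], 'reason': str}.

    'scanned' means every member was read in full and could be handed to the
    engine; anything short of that is 'quarantine' (hypothetical policy label).
    """
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        return {"verdict": "quarantine", "members": [], "reason": f"unparseable: {exc}"}
    members = []
    with zf:
        for info in zf.infolist():
            try:
                with zf.open(info) as fh:
                    size = len(fh.read())  # CRC is verified once the member is consumed
            except PARSE_ERRORS as exc:
                return {"verdict": "quarantine", "members": members,
                        "reason": f"{info.filename}: {type(exc).__name__}: {exc}"}
            members.append((info.filename, size))
    return {"verdict": "scanned", "members": members, "reason": ""}


def _build_zip(compression: int) -> bytes:
    # Constructed sample archive with two harmless text members.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression) as zf:
        zf.writestr("invoice.txt", "quarterly figures attached")
        zf.writestr("notes/readme.txt", "nothing to see here")
    return buf.getvalue()


SAMPLE_OK = _build_zip(zipfile.ZIP_DEFLATED)

# Constructed damaged sample: flip one payload byte of a STORED member. The central
# directory still lists the file, but a strict reader cannot vouch for its content.
_stored = bytearray(_build_zip(zipfile.ZIP_STORED))
_stored[_stored.find(b"quarterly figures attached")] ^= 0xFF
SAMPLE_BAD_CRC = bytes(_stored)

# Constructed truncated sample: the end-of-central-directory record is cut short.
SAMPLE_TRUNCATED = SAMPLE_OK[:-4]
```

A lenient desktop extractor may still open the damaged samples for the user, which is exactly why the gateway must hold them rather than report them clean.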


Ten years after the initial discovery, Zoller decided to revisit the issue and assess the manner in which AV vendors have addressed it in their products. He also contacted vendors to report the bug.


What he says he has found so far is rather discouraging: not only was the bug ignored, but some of the vendors he recently contacted to submit vulnerability reports did not react positively.


In November 2019, the issue caught additional attention, after it started being abused in campaigns looking to disseminate malware via emails.


According to Zoller, the bug impacts many products from multiple vendors, including Avira, Bitdefender, ESET and Kaspersky, which he contacted in October 2019 to report the flaw.
