Skip to main content
  1. Home
  2. Computing
  3. News

New exploit uses antivirus software to help spread malware

Eric Brackett
By

Hacker
hamburg_berlin/Shutterstock
One of the most basic rules of safe web browsing is to use antivirus software in order to keep your computer safe. While it’s a good idea to make use of such software, but a recently discovered exploit proves that even the best antivirus software is not fool proof.

Nicknamed AVGater by Austria-based security consultant Florian Bogner, the exploit takes advantage of the “restore from quarantine” function found on many antivirus programs. The concept behind the exploit is fairly simple one. It allows a user to move a piece of malware from the quarantined folder to somewhere else on the victim’s computer, allowing the malware to be executed.

Recommended Videos

Bogner uploaded a video that provides more information on how the exploit works.

Related

Under normal circumstances, the restore from quarantine function would not allow a non-administrator to write a file to the computer’s C:\Program Files or C:\Windows folders, but this attack takes advantage of Windows’ NTFS function to grant the user access to these folders.

As impressive as this all sounds, there is one major flaw which will drastically limit the scope of this exploit. In order to do any of this, the hacker in question must physically be at the computer they wish to infect. Given that most malware is spread via the internet, it is unlikely that this exploit will cause major problems.

Enterprise computers could be the devices most at risk to this sort of attack. While we don’t see it being a widespread problem, it’s feasible that a disgruntled employee could decide to get a little revenge, though such cases are rather limited in nature; most people won’t risk their jobs or prison for such a stunt. That being said, Bogner offered a simple fix to this problem by simply disabling the remove from quarantine feature on enterprise computers.

In terms of antivirus programs, Bogner has notified the vendors of the various software which contain this flaw and many have already rolled out patches to fix this issue.

Exploits such as this are found from time-to-time, but that shouldn’t dissuade users from installing antivirus software as it remains one of the best, though not unquestioned, ways to keep a computer safe from malware and other issues.

Editors' Recommendations

Topics
Eric Brackett
Eric Brackett
Former Digital Trends Contributor
Malware is spreading through Google Bard ads — here’s how to avoid them
A person holds a phone with the Google logo and word 'Bard' on the screen. In the background is a Google Bard logo.

As the public adjusts to trusting artificial intelligence, there also brews a perfect environment for hackers to trap internet users into downloading malware.

The latest target is the Google Bard chatbot, which is being used as a decoy for those online to unknowingly click ads that are infected with nefarious code. The ads are styled as if they are promoting Google Bard, making them seem safe. However, once clicked on, users will be directed to a malware-ridden webpage instead of an official Google page.

Read more
In the age of ChatGPT, Macs are under malware assault
A person using a laptop with a set of code seen on the display.

It's common knowledge -- Macs are less prone to malware than their Windows counterparts. That still holds true today, but the rise of ChatGPT and other AI tools is challenging the status quo, with even the FBI warning of its far-reaching implications for cybersecurity.

That may be why software developer Macpaw launched its own cybersecurity division -- dubbed Moonlock -- specifically to fight Mac malware. We spoke to Oleg Stukalenko, Lead Product Manager at Moonlock, to find out whether Mac malware is on the rise, and if ChatGPT could give hackers a massive advantage over everyday users.
State-sponsored attacks

Read more
This PowerPoint ploy could help hackers empty your bank account
A hacker typing on an Apple MacBook laptop, which shows code on its screen.

 

With various cybersecurity threats on a constant rise, it certainly feels like dangerous malware is around every corner. This time, it found its way into PowerPoint presentations disguised as helpful guides on how to protect yourself against phishing. The irony of it all is strong, but the worst part is that this malware could help attackers empty your bank account.

Read more