Thursday, December 11, 2008

BWI: Your Antivirus can be a Door for Hackers: iViZ "Green Cloud Security" Discovers New Vulnerabilities in AVG, Sophos, F-Secure etc

Press release from Business Wire India
Source: iViZ "Green Cloud Security"
Thursday, December 11, 2008 11:16 AM IST (05:46 AM GMT)
Editors: General: Consumer interest; Business: Advertising, PR & marketing, Business services, Information technology; Technology
Release no: 18712
--------------------------------------------------
Your Antivirus can be a Door for Hackers: iViZ "Green Cloud Security" Discovers New Vulnerabilities in AVG, Sophos, F-Secure etc


Bangalore, Karnataka, India, Thursday, December 11, 2008 -- (Business Wire India) -- iViZ, an information security company that offers "Green Cloud Security", the world's only on-demand penetration testing for applications, networks and compliance, has announced that it has discovered new classes of vulnerabilities in many popular commercial and open source antivirus software. These vulnerabilities can potentially allow attackers to break into systems using such antivirus software.

Bala Girisaballa, Vice President, Head of Product Management and Marketing explained how hackers can target a seemingly secure system and break into it by exploiting its antivirus software. "An attacker first crafts an email with malicious payload and sends it to the target user. When the email is scanned by the vulnerable antivirus software it can either crash the antivirus software or execute arbitrary code resulting in complete security bypass and remote system compromise" he added.

iViZ "Green Cloud Security" Vulnerability Research team conducts extensive research on new vulnerability discovery and attack techniques. Using variety of file fuzzing techniques it has discovered abnormal behavior in several security tools when handling complex or unusual executable header data especially in the case of executables packed with 3rd party packers like UPX, FSG etc. In such events, multiple bugs were found in antivirus software while processing malformed packed executables. Some of these bugs proved to be security vulnerabilities which could make the antivirus itself as a back door for hackers. The affected antivirus software vendors were informed of this anomalous behavior.

The affected software include many popular commercial and open source antivirus software such as AVG, F-Secure (F-Prot), Sophos, ClamAV, BitDefender & Avast. Other software could also be vulnerable. Organizations can learn more on technical details, potential impact and remediation recommendations on iViZ "Green Cloud Security" website www.greencloudsecurity.com.

To ensure user security iViZ "Green Cloud Security" follows the practice of responsible disclosure. The vulnerability details are disclosed first to the affected vendor before being made public. Bikash Barai said "We work closely with the vendors to help them with details and also in developing the solution. The vulnerability is disclosed in public only after coordinating with vendors and ensuring their users' safety. To ensure that our research cannot be maliciously used by attackers, the proof of concept exploits that demonstrate such real attacks in public are not released."

Companies and businesses in sectors such as banking, finance and insurance, IT/ITES and consulting, online retail, e-commerce, manufacturing, telecommunications, R&D, media among others are highly susceptible to such risks and should make it mandatory to conduct periodic penetration testing to assess the security of their systems and networks. Networks and Applications could include off-the-shelf products (operating systems, applications, databases, networking equipment etc), bespoke development (dynamic web sites, in-house applications etc) and wireless (WIFI, Bluetooth, IR, GSM, and RFID).

Introducing Green Cloud Security and highlighting on how organizations can safeguard themselves against these emerging threats, Bikash Barai, CEO iViZ said, "Regular periodic penetration testing can help companies combat the constantly evolving vulnerabilities and threats. Today there is a need for a more educated and alert user, and a vision to look beyond conventional security mechanisms in corporate information security."

About iViZ "Green Cloud Security":

iViZ is an information security company that has developed the world's first artificial intelligence based "human hacker simulation" technology to find all possible attack paths by which intruders can compromise applications and networks. This technology can detect attack paths which are otherwise missed out in traditional testing and also suggest suitable remedies. Using this patent pending technology it provides "Green Cloud Security"- a Software-as-a-Service based on-demand penetration testing solutions for applications, networks and compliance.

iViZ "Green Cloud Security" technology has won several global recognitions by Intel, University of California, Berkeley, London Business School, US Navy, US Homeland Security, Red Herring, Business Today and Nasscom. iViZ is credited to have consistently discovered numerous security vulnerabilities for the first time in the world in the products of several organizations like Microsoft, Intel, HP, McAfee, Lenovo etc.

GreenCloud Security solution has been used to conduct more than 1200 Penetration Tests and has been adopted by organizations like British Telecom, Makemytrip.com, Yatra.com, Reliance, TCS, Airtel, NSDL, Indian Defence and leading media group.

Originating from IIT Kharagpur, iViZ is funded by IDG Ventures, a global venture capital fund which has previously invested in companies like Netscape, MySpace, Baidu, Ctrip, Sohu, F5 etc.

For more information, visit www.greencloudsecurity.com or http://ivizsecurity.com.




CONTACT DETAILS
Bala Girisaballa, iViZ "Green Cloud Security", +91-9980235881, bala.girisaballa@ivizsecurity.com
Caleb David, Blue Lotus Communications, +91 9900170424, caleb@bluelotuspr.com
Wayne Ferrao, Blue Lotus Communications, +91 9833052002, wayne@bluelotuspr.com

KEYWORDS
CONSUMER, MARKETING, BUSINESS SERVICES, IT, TECHNOLOGY

If you wish to change your Business Wire India selection please click on this link http://www.businesswireindia.com/media/news.asp and use your personal username and password to login.

Submit your press release at http://www.businesswireindia.com

No comments:

Post a Comment