
Project Zero bod says antivirus black market is growing

Also: keep an eye out for upcoming Kaspersky patches

By Richard Chirgwin, 25 Sep 2015

Google troublemaker Tavis Ormandy, whose credits include turning up security vulns in popular antivirus products, reckons he's identified an active market in antivirus exploits.

In June, the Google Project Zero security bod found trivial bugs in the ESET tool, and earlier this month, he served a similar dish to Kaspersky.

In his latest post, Ormandy details more work on Kaspersky products (noting that the Russian outfit is already at work on patches).

From the vuln side, he identifies bugs in various file parsing routines (“everything from Android DEX files and Microsoft CHM documents to unpacking UPX and Yoda's Protector”, he writes). There's also a now-patched bug in Thinstall container handling.

More worryingly, Ormandy outlines the black market he believes is emerging.

“We have strong evidence that an active black market trade in antivirus exploits exists. Research shows that it’s an easily accessible attack surface that dramatically increases exposure to targeted attacks”, he writes.

That evidence includes a Wikileaks post from the Hacking Team leaks purportedly offering ESET vulnerabilities for sale.

Ormandy offers an olive branch to Kaspersky for its fast response, and warns users to watch the company's issue trackers in the next few weeks. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing