Computing News | Commercial antivirus software rendered useless in hours

Latest News | News Archive |

Posted by: Tweaker
Date added: 09:45 Tuesday, 12th August 2008 GMT
Source: Beta News

At the Race To Zero contest at DEFCON 16 in Las Vegas last weekend, seven sample viruses and three sample exploits were reverse engineered to the point where they could bypass anti-virus software. The task took one team just over two hours.

Race to Zero is a contest where a series of malicious code samples are given that must be modified to be able to circumvent five anti-virus engines, each sample more difficult than the last.

The contest began with the 20-year-old DOS virus Stoned, then followed with Netsky, Bagel, Sasser, Zlob, Welchia, and Virut.

Exploits included three Microsoft vulnerabilities: one for Word, the Vista animated cursor vulnerability, and the SQL database 2000 engine flaw or "Slammer" Worm. The Word exploit was later discarded from play because few contestants actually had a vulnerable version of Windows 2000 to test upon.

A major motivation for holding the contest was to show just how weak signature-based anti-virus software is and how quickly it can be bypassed. Signature-based anti-virus is the original technique that blocks programs that match known malicious signatures, based on pattern matching. While non CPU-intensive, it has reached the point where many consider it obsolete.

In the security community, however, this is a well-covered point, and some -companies already have moved toward more behavior- and rule-based programs.

  Tools: Post a comment | Link to this news item | Send to a friend | Submit News

Error: You are not logged in.

In order to leave comments to news articles you must be a Cyber Tech Help Member.

Registration is completely free!    Register to become a member

Along with access to leave comments to news articles you will be able to ask any computing questions you might have on the Cyber Tech Help Forums.

[  To top | Latest News | News Archive | ]