Project Zero bod says antivirus black market is growing

Also: keep an eye out for upcoming Kaspersky patches

Google troublemaker Tavis Ormandy, whose credits include turning up security vulns in popular antivirus products, reckons he's identified an active market in antivirus exploits.

In June, the Google Project Zero security bod found trivial bugs in the ESET tool, and earlier this month, he served a similar dish to Kaspersky.

In his latest post, Ormandy details more work on Kaspersky products (noting that the Russian outfit is already at work on patches).

From the vuln side, he identifies bugs in various file parsing routines (“everything from Android DEX files and Microsoft CHM documents to unpacking UPX and Yoda's Protector”, he writes). There's also a now-patched bug in Thinstall container handling.

More worryingly, Ormandy outlines the black market he believes is emerging.

“We have strong evidence that an active black market trade in antivirus exploits exists. Research shows that it’s an easily accessible attack surface that dramatically increases exposure to targeted attacks”, he writes.

That evidence includes a WikiLeaks post from the Hacking Team leaks purportedly offering ESET vulnerabilities for sale.

Ormandy offers an olive branch to Kaspersky for its fast response, and warns users to watch the company's issue trackers in the next few weeks. ®

