Antivirus firms in a frenzy

A German research company has found a gaping hole in leading antivirus software, putting security firms in a panic.

TrendMicro, McAfee and Kaspersky antivirus software packages were found to contain vulnerabilities, which if exploited can produce effects similar to denial of service (DoS) attacks, the researchers claimed.

"There is a problem with decompressing files," said Dr. Peter Bieringer, security consultant for AERAsec Network Services and Security GmbH. "Normally anti-virus software decompresses files for scanning. The decompression unit can have problems if the decompressed file is too big."

AERAsec believes when antivirus software decompresses a large file, it can use up all available file space and processing power of a computer, resulting in machine failure.

"Good anti-virus software has a storage limit, but some decompression units have none," added Bieringer.

In a press statement, McAfee admitted it had known about the issue for some time.

"It is an issue McAfee is aware of, but we are still deciding on the depth of the problem," said a spokesman for the company. "We are looking at the basis of our systems. Whether we need to concentrate on that, we won't know until testing has finished on Friday."

TrendMicro issued an internet statement saying: "On January 09 2004, AERAsec Network Services and Security GmbH reported that the "vscan" component of InterScan VirusWall for Unix (ISUX) is vulnerable against to Denial of Service (DoS) bzip2 bombs, which are similar to "zip of death". Trend Micro advises users of these affected products and versions to take action IMMEDIATELY to protect their systems against this DoS."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.