Take three: Antivirus apps could spread infection

By Robert Lemos
Staff Writer, CNET News

Share
- Digg
- Del.icio.us
- Reddit
- Facebook
- Google
- Newsvine
- Yahoo! Bookmarks
- Twitter
- Stumbleupon
E-mail
Print

Related Stories: F-Secure flaw opens door to intruders
February 11, 2005; Symantec flaw leaves opening for viruses
February 9, 2005; Witty worm frays patch-based security
March 26, 2004

Internet Security Systems has found a flaw in Trend Micro's virus-scanning software--the third time this month that the security company has picked a hole in an antivirus product.

The vulnerability affects Trend Micro's Antivirus Library, a common set of code used by at least 29 Trend Micro products, according to separate advisories posted on Trend Micro's Web site on Wednesday and on ISS' site on Thursday. An attacker could create a program that exploits the security hole, causing the antivirus program to run a virus instead of blocking the malicious program, the companies said.

"Successful exploitation of this vulnerability could be used to gain unauthorized access to networks and machines being protected by Trend Micro Antivirus Library products," ISS said in its advisory.

The flaw is similar to those found in antivirus software from Symantec and F-Secure. Because it's a library flaw, it adds up to a broad vulnerability in Trend Micro products that could be exploited to automatically run a malicious program. The flaw is caused by a memory error known as a heap overflow.

It affects not only Trend Micro applications on Windows systems, but also the company's software running on Linux, Solaris and other Unix-like operating systems.

"We looked at the issue, we verified it and found it to be true," said Joe Hartmann, North American director of antivirus research for Trend Micro. "We created a solution to it in a couple of days and...alerted our customers about the problem."

Among the products that are affected by the problem are various versions of Trend Micro InterScan, Trend Micro ScanMail and Trend Micro ServerProtect.

Trend Micro's advisory recommends that customers update their antivirus software to version 7.510, which fixes the problem.

ISS dealt with a flaw in its own security products nearly a year ago. The subsequent Witty worm exploited the security hole to spread to a modest number of computers on the Internet. A representative of ISS could not immediately be reached for comment.

See more CNET content tagged:
Trend Micro Inc., Internet Security Systems Inc., antivirus, advisory, security hole

Latest tech news headlines

Google launches Mail Goggles to save you from yourself
Posted in Webware by Rafe Needleman

October 6, 2008 11:36 PM PDT
Industrial Origami snaps up $17 million
Posted in Green Tech by Elsa Wenzel

October 6, 2008 11:26 PM PDT
Realism creeping into venture capital calculations
Posted in Webware by Rafe Needleman

October 6, 2008 11:15 PM PDT
See all headlines

Resource center from News.com sponsors

You Need The Speed of Norton 2009

Introducing Norton Internet Security™2009

With one-click, one-minute install, under 8MB of memory usage and fewer, shorter scans, it's the fastest security suite anywhere. Norton. Smart Security, Engineered for Speed. Get a FREE trial today!

The Fastest Security Suite Anywhere

Experience the revolutionary Norton Internet Security™ 2009. With Norton™ Insight, a new feature, you get precision security that targets only at risk files for fewer, faster, shorter scans

Win a Trip to Space!*

Enter the Blast Off with Norton Sweepstakes for your shot at a trip to space. You could experience being fast and weightless, just like the new Norton 2009. *No purchase necessary; click for full details.

FREE Trial!

Act now to get your FREE trial of Norton Internet Security 2009. Try it for the protection. Love it for the speed

Norton Safe Web NEW!

A community-based system that rates web site safety

Norton Labs NEW!

Users can download new security technologies and share input directly with developers. Help us shape our future products!

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Inside CNET News

Scroll Left Scroll Right

Nanotech: The Circuits Blog
AMD to spin off manufacturing
Company is expected to announce a long-expected restructuring of its manufacturing operations.
Gallery
Photos: Top 10 reviews of the week
News - Apple
Report: iPhone 2.2 getting Google's Street View
New iPhone firmware beta getting Google Maps Street View, Japanese emoji picture characters, and a typing autocorrect on-off switch, MacRumors reports.
Coop's Corner
OK, so I'm a tech Pollyanna. Sue me
Perfectly understandable if you're freaked out over the prolonged tech tumble in the stock market. But it's not as if we've never seen something like this before. Remember?
Video
DIY political ads proliferate
News - Digital Media
More companies bracing investors for current quarter
Amid troubled economic climate, public companies like SAP and Netflix are retooling Wall Street's expectations before they even report results of their third quarter.
Video
Nintendo DS-i: The wait begins
News - Politics and Law
'Capitol Tweet' widget follows Congress on Twitter
The nonprofit Sunlight Foundation is offering a widget to follow the latest tweets from Capitol Hill.
Crave
Palin, Biden bots stage showdown of their own
Student-made punching bots duke it out on the Washington University campus as the vice presidential candidates ready for the big debate inside.
Gallery
Photos: Nintendo showcases new DS-i, Wii games
Crossfade
Jah Cure, 'Journey Riddem': Free MP3 of the Day
In an era overstuffed with mediocre reggae-rap, Jah Cure reminds us what a compelling hybrid it can be. Download a free MP3 of "Journey Riddem" courtesy of CNET Download Music.
Green Tech
Industrial Origami snaps up $17 million
San Francisco start-up aims to bring to market its low-waste system of fold-up sheet metal for building appliances and automobiles.