Masquerade Attacks Against Security Software Exclusion Lists.
2019
Security software, commonly known as Antivirus, has evolved
from simple virus scanners to become multi-functional security suites. To
combat ever-growing malware threats, modern security software utilizes both
static and dynamic analysis to assess malware threats, inevitably leading to
occasional false positive and false negative reports. To mitigate this,
existing state-of-the-art security software offers the feature of Exclusion
Lists to allow users to exclude specified files and folders from being scanned
or monitored. Through rigorous evaluation, however, we found that some such
products stored their Exclusion Lists as unencrypted cleartext in known or
predictable locations. In this paper we empirically demonstrate how easy it
is to exploit the Exclusion Lists by launching masquerade attacks. We argue
that Exclusion Lists should be better implemented, for example by using
application whitelisting, and that the contents of the lists should be better
safeguarded and readable only by authorized entities within a strong access
control scheme.