Attackers could exploit a flaw in multiple antivirus products to create archives containing malicious files that the products fail to detect, a SecuBox Labs researcher has warned in an advisory.
Security Tracker said a variety of archive file formats can be used in an exploit, including .rar and .cab.
According to the SecuBox Labs researcher, who goes by the name fRoGGz, vendors whose products are affected include:
- Kaspersky Lab;
- eTrust Iris and Vet;
- ClamAV; and
- Panda Software.
Other affected products are listed in the advisory.
"An attacker can compress a malicious payload and evade detection by some antivirus software," the researcher said in the SecuBox advisory. "The bypassed malicious content does not pose a risk until extracted from the .rar archive file." He said WinRAR and PowerZip will open and extract the file, unlike WinZip or BitZipper, which do not allow it to be opened.
The advisory outlines proof-of-concept exploit code and notes that several of the affected antivirus companies have fixed the vulnerability in their products. "We recommend [you] test your system's configuration for more certainty," the advisory said.
Security Tracker and fRoGGz did not immediately return e-mailed requests for additional details.