Bala Girisaballa, Vice President, Head of Product Management and Marketing explained how hackers can target a seemingly secure system and break into it by exploiting its antivirus software. "An attacker first crafts an email with malicious payload and sends it to the target user. When the email is scanned by the vulnerable antivirus software it can either crash the antivirus software or execute arbitrary code resulting in complete security bypass and remote system compromise" he added.
iViZ "Green Cloud Security" Vulnerability Research team conducts extensive research on new vulnerability discovery and attack techniques. Using variety of file fuzzing techniques it has discovered abnormal behavior in several security tools when handling complex or unusual executable header data especially in the case of executables packed with 3rd party packers like UPX, FSG etc. In such events, multiple bugs were found in antivirus software while processing malformed packed executables. Some of these bugs proved to be security vulnerabilities which could make the antivirus itself as a back door for hackers. The affected antivirus software vendors were informed of this anomalous behavior.