Hackers Hiding Behind Top-Rated Security Products to Breach Our Personal Devices

Written by: Francesco Trama | Published on: July 15th, 2016

About The Author

Francesco Trama
As Chief Executive Officer and Founder, Frank is responsible for the overall operating performance, leading the strategic direction of the company’s products and solutions internally while building technical and business credibility externally as a market-facing thought leader.

It is no secret that hackers are becoming more and more advanced as technology evolves. They are growing smarter and wiser to the “traps” that top-rated government agencies are setting. On July 7, 2016, the U.S. Department of Homeland Security issued a stern warning to the public regarding all users of Symantec- and Norton-branded anti-virus products. The warning was a call to action: hackers had gained the ability to take control of a computer without the user’s consent or knowledge.

As we are all well aware, Symantec and Norton are two of the most popular anti-virus/anti-malware products on the market today. These products are at the fingertips of most users, often pre-installed on devices at the time of purchase. This leaves the customer with an already infected computer before ever opening the box. To give a better background on the issues at hand, let’s take a closer look at Symantec and see what it does.

Symantec accesses the internal controls of your computer and opens up various ports for proper scanning. While Symantec was trying to help keep you and your computer secure, there was an error along the way. This error opened ports that allowed hackers to spread a virus through a network of companies and scan your personal information without anyone ever knowing. Some of these vulnerabilities include, but are not limited to, the following:

CVE-2016-2207

  • Symantec Anti-virus multiple remote memory corruption unpacking RAR [1]

CVE-2016-2208

  • Symantec antivirus products use common unpackers to extract malware binaries when scanning a system. A heap overflow vulnerability in the ASPack unpacker could allow an unauthenticated remote attacker to gain root privileges on Linux or OSX platforms. The vulnerability can be triggered remotely using a malicious file (via email or link) with no user interaction.

CVE-2016-2209

  • Symantec: PowerPoint misaligned stream-cache remote stack buffer overflow

CVE-2016-2210

  • Symantec: Remote Stack Buffer Overflow in dec2lha library

CVE-2016-2211

  • Symantec: Symantec Anti-virus multiple remote memory corruption unpacking MSPACK Archives

CVE-2016-3644

  • Symantec: Heap overflow modifying MIME messages

CVE-2016-3645

  • Symantec: Integer Overflow in TNEF decoder

CVE-2016-3646

  • Symantec: missing bounds checks in dec2zip ALPkOldFormatDecompressor (US-CERT)

After Symantec was alerted to this major issue, it provided patches or hotfixes for these vulnerabilities in its SYM16-008 and SYM16-010 security advisories (US-CERT). It’s times like this when we notice today’s security falling through the gaps. Network ports are being exposed and only later being found and used for malicious intent, as in the incidents at Home Depot and Target.

New approaches to security are needed to combat these faux pas we seem to keep making. Hackers seem to always have the upper hand because we aren’t evolving our security measures. We continually do the same repetitive thing, not fixing the issue in front of us. We say it’s time for a change. This is what our focus has been at PacketViper: limiting the way traffic enters our systems and/or how it exits the environment. We never assume that everything needs to enter or leave the environment; instead, we provide the ability to limit traffic at a very granular level without adding complexity.

Want to know more about us? Check out www-packetviper.wwwmi3-sr2.supercp.com and see how we are changing the game with our Advanced IP Filtering and secure monitoring features.