Monday, February 11, 2008

Antivirus Setup File infected by VIRUT variant

Update: After I reported this issue to their technical support, they changed the infected binary file (removing exactly the Extradat section from the whouses.exe file), and below is the result shown by VirusTotal.


When I downloaded the NetProtector 2008 trial version from the website of a Pune (India) based antivirus company, one of the files looked malicious to me. I picked that file, "whouses.exe", and after analyzing it I found that it is infected by one of the VIRUT variants, but the infection is not active, as its code is in the last section of the file (the extradat section, with no reference to it).

Later, I uploaded it to VirusTotal for further results from other antivirus products, and the result was scary.

A virus being flagged in one of the files of an antivirus product itself is scary and shows carelessness on the part of the security firm, which is supposed to protect its users from malicious programs.

It shows that one of their development machines could have been infected by a virus, and the end result is that the antivirus product itself is infected!!!
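
A header-level check for the condition described above, a trailing PE section that nothing in the headers points at, as an added example (not the author's code or tooling). It assumes "no reference" means that neither the entry point nor any data directory falls inside the last section; references from code in other sections are not checked, and the sample headers are constructed.

```python
import struct

def parse_headers(pe):
    """Return (entry_rva, data_directory_rvas, [(name, vaddr, vsize), ...])."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]            # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec, = struct.unpack_from("<H", pe, nt + 6)
    opt_size, = struct.unpack_from("<H", pe, nt + 20)
    opt = nt + 24
    magic, = struct.unpack_from("<H", pe, opt)
    entry, = struct.unpack_from("<I", pe, opt + 16)
    dd = opt + (96 if magic == 0x10B else 112)            # PE32 vs PE32+
    ndirs, = struct.unpack_from("<I", pe, dd - 4)
    # Directory 4 (certificate table) holds a file offset, not an RVA: skip it.
    dirs = [struct.unpack_from("<I", pe, dd + 8 * i)[0]
            for i in range(min(ndirs, 16)) if i != 4]
    secs = []
    for i in range(nsec):
        name, vsize, vaddr = struct.unpack_from("<8sII", pe, opt + opt_size + 40 * i)
        secs.append((name.rstrip(b"\0").decode("latin-1"), vaddr, vsize))
    return entry, dirs, secs

def last_section_unreferenced(pe):
    """(name, True) if neither the entry point nor a data directory points into it."""
    entry, dirs, secs = parse_headers(pe)
    name, va, size = secs[-1]
    hit = lambda rva: va <= rva < va + size
    return name, not (hit(entry) or any(hit(r) for r in dirs if r))

def build_sample(entry_rva):
    """Constructed PE32 headers (no section data): .text plus a trailing 'extradat'."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)            # AddressOfEntryPoint
    struct.pack_into("<I", opt, 92, 16)                   # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8, 0x1800, 0x28)    # import directory, in .text
    def sec(name, va, size):
        return struct.pack("<8sIIII12xI", name, size, va, size, 0, 0xE0000020)
    return (dos + b"PE\0\0" + coff + bytes(opt)
            + sec(b".text", 0x1000, 0x1000) + sec(b"extradat", 0x2000, 0x1000))

if __name__ == "__main__":
    print(last_section_unreferenced(build_sample(0x1000)))
```

A `True` result is only a triage signal that the section deserves a closer look; it does not by itself show that the section's contents are malicious or dormant.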

1 comment:

Unknown said...

Hey Dude wat's up? It's really damn holy shit about AV. Gr8 !