Vault 7: CIA indicates it has cracks for common security products

A number of personal security products from numerous vendors are listed in the Vault 7 CIA document dump released by WikiLeaks on Tuesday US time, indicating that it may have cracks for all of them.

Details of the exploits for most of these products have been redacted by WikiLeaks, which said it had redacted more than 70,000 items, including names and IP addresses.

Among the companies listed are Comodo, Avast, F-Secure, Zemana Antilogger, Zone Alarm, Trend Micro, Symantec, Rising, Panda Security, Norton, Malwarebytes Anti-Malware, EMET (Enhanced Mitigation Experience Toolkit), Microsoft Security Essentials, McAfee, Kaspersky, GDATA, ESET, ClamAV, Bitdefender, Avira, and AVG.

For F-Secure, these notes about exploits have been retained: "...F-Secure has generally been a lower tier product that causes us minimal difficulty. The only annoyance we have observed is that F-Secure has an apparent entropy-based heuristic that flags Trojaned applications or other binaries containing encrypted/compressed payloads.

"Two defeats are known to exist: One involves using RAR file string tables in the resource section, the other involves cloning a RAR file manifest file – the manifest technique also works against Avira's entropy-based heuristics."

For AVG, it lists the products supplied by the company and adds one way to defeat it: "AVG Fake Installer Trick: AVG catches a payload dropped to disk and launched via link file well after execution (process hollowing)."

And for Avira, this is retained: "Avira has historically been a popular product among CT targets, but is typically easy to evade. Similar to F-Secure, Avira has an apparent entropy-based heuristic that flags binaries containing encrypted/compressed payloads, but there are two known defeats."

There are links to entropy defeats for both Avira and F-Secure.
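The notes on F-Secure and Avira both describe an entropy-based heuristic that flags binaries carrying encrypted or compressed payloads. The following is an added illustration of how such a detector works, written for this article; it is not code from the leaked documents or from any vendor, and the sample buffers, window size and thresholds are constructed assumptions.

```python
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant run, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def high_entropy_windows(data: bytes, window: int = 1024, threshold: float = 7.0):
    """Slide a fixed-size window over the buffer and return (offset, entropy)
    for every window above the threshold. Compressed or encrypted data sits
    near 8 bits/byte; native code and text usually score well below 7."""
    hits = []
    for off in range(0, len(data), window):
        chunk = data[off:off + window]
        if len(chunk) < window:
            break  # ignore the short tail so it cannot skew the score
        h = shannon_entropy(chunk)
        if h >= threshold:
            hits.append((off, round(h, 2)))
    return hits


def looks_packed(data: bytes, window: int = 1024, threshold: float = 7.0,
                 min_fraction: float = 0.25) -> bool:
    """Flag the buffer if at least min_fraction of its windows are high-entropy,
    the kind of verdict an entropy heuristic would raise for review."""
    total = len(data) // window
    if total == 0:
        return False
    return len(high_entropy_windows(data, window, threshold)) / total >= min_fraction


# Constructed samples (assumptions): low-entropy text standing in for code/strings,
# and a seeded pseudo-random blob standing in for an encrypted payload.
_rng = random.Random(1234)
_TEXT = (b"Ordinary program strings and code-like filler. " * 200)[:4096]
_BLOB = bytes(_rng.getrandbits(8) for _ in range(4096))
SAMPLE_CLEAN = _TEXT * 3
SAMPLE_PACKED = _TEXT + _BLOB + _TEXT

if __name__ == "__main__":
    print("clean flagged:", looks_packed(SAMPLE_CLEAN))
    print("packed flagged:", looks_packed(SAMPLE_PACKED), high_entropy_windows(SAMPLE_PACKED))
```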

The reason why WikiLeaks has chosen not to reveal details of weaponised exploits which were present in the document dump is unknown. But one reason may be this.


Sam Varghese


A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.
