
Vault 7: CIA indicates it has cracks for common security products

A number of personal security products from numerous vendors are listed in the Vault 7 CIA document dump released by WikiLeaks on Tuesday US time, indicating that it may have cracks for all of them.

Details of the exploits for most of these products have been redacted by the organisation, which said it had redacted more than 70,000 details, including names and IP addresses.

Among the companies listed are Comodo, Avast, F-Secure, Zemana Antilogger, Zone Alarm, Trend Micro, Symantec, Rising, Panda Security, Norton, Malwarebytes Anti-Malware, EMET (Enhanced Mitigation Experience Toolkit), Microsoft Security Essentials, McAfee, Kaspersky, GDATA, ESET, ClamAV, Bitdefender, Avira, and AVG.

For F-Secure, these notes about exploits have been retained: "...F-Secure has generally been a lower tier product that causes us minimal difficulty. The only annoyance we have observed is that F-Secure has an apparent entropy-based heuristic that flags Trojaned applications or other binaries containing encrypted/compressed payloads.

"Two defeats are known to exist: One involves using RAR file string tables in the resource section, the other involves cloning a RAR file manifest file – the manifest technique also works against Avira's entropy-based heuristics."

For AVG, it lists the products supplied by the company and adds one way to defeat it: "AVG Fake Installer Trick: AVG catches a payload dropped to disk and launched via link file well after execution (process hollowing)."

And for Avira, this is retained: "Avira has historically been a popular product among CT targets, but is typically easy to evade. Similar to F-Secure, Avira has an apparent entropy-based heuristic that flags binaries containing encrypted/compressed payloads, but there are two known defeats."

There are links to entropy defeats for both Avira and F-Secure.
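Both of the quoted notes describe the same detection idea: an entropy-based heuristic that flags binaries whose contents look encrypted or compressed, because such data has a near-uniform byte distribution. The following Python is an added illustration of how such a heuristic works, not code from the leaked documents, from F-Secure or Avira, or from this article. The 7.0 bits-per-byte threshold, the window size and the sample regions are all assumptions constructed for the example.

```python
import math
import random
from collections import Counter

# Assumed threshold in bits per byte above which a region is treated as
# packed or encrypted. Illustrative only, not any vendor's real setting.
HIGH_ENTROPY_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def scan_regions(regions, threshold=HIGH_ENTROPY_THRESHOLD):
    """Score each named byte region as a whole.

    Returns a list of (name, entropy, flagged) tuples.
    """
    results = []
    for name, blob in regions.items():
        h = shannon_entropy(blob)
        results.append((name, round(h, 3), h >= threshold))
    return results


def windowed_scan(data: bytes, window=512, threshold=HIGH_ENTROPY_THRESHOLD):
    """Slide a fixed-size window over data and return the offsets of windows
    whose entropy exceeds the threshold.

    A whole-region average can hide a small encrypted blob inside a larger
    run of ordinary code or text; a windowed scan localises it instead.
    """
    hits = []
    for off in range(0, len(data) - window + 1, window):
        if shannon_entropy(data[off:off + window]) >= threshold:
            hits.append(off)
    return hits


# Constructed sample regions; none of these come from a real binary.
PLAIN_TEXT = b"The quick brown fox jumps over the lazy dog. " * 100

# Deterministic pseudo-random bytes standing in for an encrypted or
# compressed payload (seeded so the output is reproducible).
_rng = random.Random(20170307)
RANDOM_PAYLOAD = bytes(_rng.getrandbits(8) for _ in range(4096))

# A low-entropy "stub" with a high-entropy payload embedded in the middle.
EMBEDDED = PLAIN_TEXT[:1024] + RANDOM_PAYLOAD[:1024] + PLAIN_TEXT[:1024]

SAMPLE_REGIONS = {
    "plain text (constructed)": PLAIN_TEXT,
    "random payload (constructed)": RANDOM_PAYLOAD,
    "stub with embedded payload (constructed)": EMBEDDED,
}

if __name__ == "__main__":
    for name, h, flagged in scan_regions(SAMPLE_REGIONS):
        print(f"{name:42s} entropy={h:5.3f} {'FLAG' if flagged else 'ok'}")
    print("high-entropy windows in EMBEDDED at offsets:", windowed_scan(EMBEDDED))
```

Running it shows the two sides of the heuristic: the random region scores close to 8 bits per byte and is flagged, the text region sits around 4 bits and is not, and the mixed region passes the whole-region check while the windowed scan still locates the embedded 1024-byte blob at offsets 1024 and 1536. That gap between the whole-file average and the windowed view is why a scanner's choice of granularity matters as much as its threshold.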

The reason why WikiLeaks has chosen not to reveal details of weaponised exploits which were present in the document dump is unknown. But one reason may be this.


Sam Varghese


A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.