Reverse Engineered Antivirus Detects Classified Documents

No antivirus (AV) product is a silver bullet. But recent research has illustrated a weakness in the very concept of the antivirus signature. By altering a single signature’s content in memory, it’s possible to change what that signature tells the AV engine to look for: in this example, the string “TS/SCI”, which appears as a marker on top-secret US government documents…

*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by Cylance Blog. Read the original post at: https://www.cylance.com/en_us/blog/reverse-engineered-antivirus-detects-classified-documents.html