Reverse Engineered Antivirus Detects Classified Documents

No antivirus (AV) product is a silver bullet, but recent research has illustrated a weakness in the very concept of the antivirus signature. By altering the in-memory content of a single signature, it’s possible to change what that signature tells the AV engine to look for: in this example, the string “TS/SCI”, which appears as a marker on US government top-secret documents…

This is a Security Bloggers Network syndicated blog post authored by Cylance Blog. Read the original post at: Cylance Blog