Google Security Research today announced Trend Micro anti-virus has a major design flaw allowing external attackers to execute or install any software on a remote PC.
When you install Trend Micro Antivirus for Windows, it also installs a web server as part of its software suite to handle internal API requests. One of these API request handlers uses the Windows API call “ShellExecute”, which allows you to run any piece of software on the PC. This web server also runs as a privileged user, so even if you don’t have admin access on your PC, this software does!
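To make the design flaw concrete from a defender's side, here is an added illustration (written for this page, not Trend Micro's code and not from the Google advisory) of the pattern described above: a localhost HTTP service with an endpoint that launches programs. `weak_dispatch` shows the flawed shape, where whatever reaches the endpoint is passed to a launcher such as ShellExecute; `hardened_dispatch` shows the checks a local API of this kind needs before it runs anything. The origin, host, port, token header and action names are assumptions chosen for the example.

```python
"""Localhost API that can launch programs: weak handler beside a hardened one.

Added example for illustration. The origin, host/port, header name, token
scheme and action table are constructed assumptions, not a real product's API.
"""
import hmac
import secrets
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Dict, List, Optional, Tuple
from urllib.parse import parse_qs, urlparse

# Per-installation secret handed only to the legitimate client (assumed design).
API_TOKEN = secrets.token_hex(32)

# Only the vendor's own client origin may call the API; a web page or an
# HTML e-mail rendered in a browser has a different origin and is refused.
ALLOWED_ORIGINS = {"chrome-extension://examplepasswordmanagerid"}  # hypothetical

# The service answers only for its own loopback name/port, which also blocks
# DNS-rebinding style requests that carry a foreign Host header.
ALLOWED_HOSTS = {"localhost:49152", "127.0.0.1:49152"}  # hypothetical port

# Fixed actions mapped to fixed argv; the caller never supplies a path or argument.
ALLOWED_ACTIONS: Dict[str, List[str]] = {
    "open_dashboard": ["dashboard.exe"],  # constructed placeholder commands
    "open_settings": ["settings.exe"],
}


def weak_dispatch(url: str) -> Optional[List[str]]:
    """The flawed shape: a caller-chosen command string, returned as the argv
    that would be handed straight to a launcher. Anything that can reach the
    port (including script in a locally rendered HTML file) decides what runs."""
    params = parse_qs(urlparse(url).query)
    cmd = params.get("cmd", [""])[0]
    return cmd.split() if cmd else None


def hardened_dispatch(url: str, headers: Dict[str, str]) -> Tuple[int, Optional[List[str]]]:
    """Return (http_status, argv). argv is only non-None for an accepted request."""
    h = {k.lower(): v for k, v in headers.items()}
    if h.get("host") not in ALLOWED_HOSTS:
        return 403, None  # not addressed to this service's own loopback name
    if h.get("origin") not in ALLOWED_ORIGINS:
        return 403, None  # cross-origin page, mail body, or non-browser caller
    if not hmac.compare_digest(h.get("x-api-token", ""), API_TOKEN):
        return 401, None  # caller does not hold the per-install secret
    params = parse_qs(urlparse(url).query)
    argv = ALLOWED_ACTIONS.get(params.get("action", [""])[0])
    if argv is None:
        return 400, None  # unknown action: nothing is executed
    return 200, list(argv)


class LocalApiHandler(BaseHTTPRequestHandler):
    """HTTP front end for the hardened dispatcher. It does not execute
    anything; a real service would launch argv only on status 200."""

    def do_GET(self) -> None:
        status, argv = hardened_dispatch(self.path, dict(self.headers))
        body = ("%d %s\n" % (status, " ".join(argv) if argv else "refused")).encode()
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    # Constructed requests showing each check; to serve for real use
    # HTTPServer(("127.0.0.1", 49152), LocalApiHandler).serve_forever()
    print("weak:", weak_dispatch("/api/run?cmd=anything.exe+--flag"))
    trusted = {
        "Host": "localhost:49152",
        "Origin": "chrome-extension://examplepasswordmanagerid",
        "X-Api-Token": API_TOKEN,
    }
    print("no headers:", hardened_dispatch("/api/run?action=open_settings", {}))
    print("trusted:", hardened_dispatch("/api/run?action=open_settings", trusted))
    print("unknown:", hardened_dispatch("/api/run?action=format_disk", trusted))
```

The order of the checks matters: host and origin are rejected before the token is even compared, so a page that cannot present the right origin never gets to probe the secret, and the action table means that even a caller holding the token can only trigger the handful of fixed programs the product itself needs. Running as a privileged account, as the page describes, makes each of these checks more important, not less.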
So for example, someone could send you an email with an attached .html file that, when viewed, could do anything, such as:
- Format your HD
- Download and install a keylogger
- Uninstall TrendMicro Antivirus for you
A link to the original announcement from Google:
While Trend Micro works on a fix, industry analysts are debating whether this was a deliberate feature rather than a mistake.
In a world where trust is critical, the crucial question now being asked is: “Are there any more holes, and are we even safe from our anti-virus?”