Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security IT Technology

Hackers Breached 3 US Antivirus Companies, Researchers Reveal (arstechnica.com) 79

In a report published Thursday, researchers at the threat-research company Advanced Intelligence (AdvIntel) revealed that a collective of Russian and English-speaking hackers are actively marketing the spoils of data breaches at three US-based antivirus software vendors. From a report: The collective, calling itself "Fxmsp," is selling both source code and network access to the companies for $300,000 and is providing samples that show strong evidence of the validity of its claims. Yelisey Boguslavskiy, director of research at AdvIntel, told Ars that his company notified "the potential victim entities" of the breach through partner organizations; it also provided the details to US law enforcement. In March, Fxmsp offered the data "through a private conversation," Boguslavskiy said. "However, they claimed that their proxy sellers will announce the sale on forums."
This discussion has been archived. No new comments can be posted.

Hackers Breached 3 US Antivirus Companies, Researchers Reveal

Comments Filter:
  • I haven't used anti-virus software in years since I dumped IE for whatever the browser du jour is alongside uBlock Origin and Nano Defender.
    The last items being the two parts of the holy browsing trinity if you use a browser like Brave.

    Haven't had a need for antivirus since and with this news, I'm glad I don't use it!

    • by Anonymous Coward

      I haven't used anti-virus software in years...

      The internet thanks you and it loves your computer too!

    • I haven't used anti-virus software in years since I dumped IE for whatever the browser du jour is alongside uBlock Origin and Nano Defender. The last items being the two parts of the holy browsing trinity if you use a browser like Brave.

      Hadn't heard of Nano Defender [google.com] before. Glad it works with Brave [brave.com], that I just recently switched to, and UBlock Origin [google.com]. So what's Defender do that NoScript [google.com], recently released for Chrome, doesn't?

      Nano extra installation steps [github.io] for UBlock.

      • by Agret ( 752467 )
        Nano Defender features anti-anti-adblock so it will attempt to bypass the checks on sites that detect adblocking.
    • by Trimaz ( 4609805 )
      Oh, you're one of those. I too browser /g/ and have also not used anti-virus software in years because I use Arch Linux.
    • I haven't used anti-virus software in years since I dumped IE for whatever the browser du jour is alongside uBlock Origin and Nano Defender. The last items being the two parts of the holy browsing trinity if you use a browser like Brave.

      Third-party browsers aren't magic. It hasn't even been a week since Firefox had an oopsy, and disabled all Firefox-extensions [slashdot.org]

      Haven't had a need for antivirus since and with this news, I'm glad I don't use it! The more likely reality is that you're running Windows 10, and don't realize that Windows Defender is built-in.

    • Glad you are so proud of your bad security practices. It's like reading posts by anti-vaccination people or flat earthers. Please tell us, how do you know you haven't had a virus?
    • How do you know if you don't need antivirus software? AV software is responsible for detecting the virus as well, isn't it? I know some virii are obvious but most aren't. Most are passive enough that you won't have a clue that they're there until you notice charges on your credit card that you didn't make, or maybe an extra line of credit you didn't request, etc.

  • If all they did is lift the code -- rather than say code in a backdoor or cause it to not examine certain exploits -- then I am extremely disappointed in the current crop of haxorz.

    • Can you imagine trying to understand the source code for Symantec antivirus? It is almost certainly a giant hedge maze of a mess, with a broken build system and three million dependencies.

      Security through obscurity.
      • Can you imagine trying to understand the source code for Symantec antivirus?
        It is almost certainly a giant hedge maze of a mess, ....

        Symantec AV product was initially built on top of Adventure [wikipedia.org].

        YOU ARE IN A MAZE OF TWISTY PASSAGES, ALL ALIKE.

      • by AmiMoJo ( 196126 )

        Around 2007 Norton Antivirus, as it was called then, actually got good. Quick install, minimal performance impact, didn't nag you about "tracking cookies" and other bullshit. You could even uninstall it without bricking your computer.

        It was a revelation after years of it being a complete bastard. But then the 2008 edition was a little more persistent with the notifications, and by 2010 it was back to being a pile of kak again. Apparently they tried making a good AV product, and realized that making a shit A

  • by kehren77 ( 814078 ) on Thursday May 09, 2019 @04:48PM (#58566096)

    The names of the 3 companies. That might be something that would be helpful as a concerned consumer.

    • by guruevi ( 827432 )

      At that price, I'm imagining Symantec, McAfee and Sophos, the largest but at the same time worst antivirus companies.

  • by Anonymous Coward

    An AV company is someone you allow to root your system, in exchange for protecting it against threats. The AV agent has, realistically, better than root access. Any binary pushed (and hopefully signed) by the AV vendor via an update will get executed on your system without any kind of intervention.

    Do you trust your AV vendor like that? I know I would not trust most. I wouldn't trust any AV vendor based in Russia or China because the state essentially controls them (Hello state security apparatus spyware!)

    Th

  • They should have used anti-virus software ... oh, wait

  • .. researchers at the threat-research company Advanced Intelligence (AdvIntel) revealed that a collective of Russian and English-speaking hackers are actively marketing the spoils of data breaches at three US-based antivirus software vendors

    What was the name of the Operating System these three US-based antivirus software vendors ran on?

    What was the name of the these three US-based antivirus software vendors?

    Why didn't their AV product detect the breach?

    Fxmsp has claimed that

Over the shoulder supervision is more a need of the manager than the programming task.

Working...