eScan confirms update server breached to push malicious update

I was just starting to plan its test... now we'll have to wait for eScan to fix its issues !

I'd hate to test an antivirus that has a hidden Trojan at the moment.
There is none; issue has already been solved. This particular issue occurred on January 20 and has been completely fixed as of the 27th. I contacted support and was given this information - today is the 30th.
That being said, they haven't actually changed anything in the updater - every change is server-side.
But my wager is, it is safe to test for now.
 
It may be using even Avast and Check Point engines side by side.

The entire software stack is inferior, held together by duct tape and prayer. This is inevitable when cost cutting (which, it's not like all Asians are not very well known for it) comes above all.

This is how they got pwned.

Sadly, you may be surprised how much of the corporate software also holds on prayers and duct tape.
Well, for corporate purposes duct tape is a bad thing, but I once repatriated the (hospitalized) wife of a friend of mine (with him); we could not fly in or out of the country she was in (because of political circumstances). So the next best thing was to fly into a neighboring country, buy a car and drive in. We bought an old Dacia 1300 station (sun-blistered red with one door in another color) to get her out, and with some basic tools, tie-wraps and duct tape we managed to drive through Senegal, Mauritania and Morocco into Spain to get her proper treatment.

You will be surprised what you can fix with duct tape and tie-wraps, so never underestimate the power of duct tape and a short prayer ;)
 
The persistence configuration payload created a scheduled task that launched a PowerShell script. Interestingly, the payload does not do anything if specific security solutions - including Kaspersky - are installed on the machine.
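Since the persistence described in the last post is a scheduled task that launches a PowerShell script, the practical question for a defender is how to find such tasks on a machine. The script below is an added example written for this thread; it is not code from eScan or from the poster, and it does not reproduce the payload. It assumes a Windows host with the built-in ScheduledTasks module (Get-ScheduledTask, Get-ScheduledTaskInfo) and an elevated prompt so that tasks in every task folder are visible. The argument patterns it scores are my own review heuristics, not a signature for this incident.

```powershell
# Added example (not from the thread): list scheduled tasks whose action launches PowerShell
# and score their command lines for traits that warrant a manual look.
# Assumes: Windows 8 / Server 2012 or later (ScheduledTasks module), run as Administrator.

$powershellHosts = @('powershell.exe', 'pwsh.exe', 'powershell', 'pwsh')

# Heuristic substrings (assumption: chosen by the author of this example, not a vendor signature).
# Legitimate admin tasks can use some of these too, so treat a hit as "review", not "malicious".
$suspiciousArgPatterns = @(
    '-enc ', '-encodedcommand',                  # base64 command payloads hide the script text
    '-w hidden', '-windowstyle hidden',          # no console window for the user to notice
    '-ep bypass', '-executionpolicy bypass', '-executionpolicy unrestricted',
    '-nop', '-noprofile',
    'downloadstring', 'downloadfile', 'invoke-webrequest', 'iex', 'invoke-expression',
    '\appdata\', '\temp\', '\programdata\'     # scripts staged in user-writable locations
)

function Get-PowerShellScheduledTask {
    [CmdletBinding()]
    param()

    foreach ($task in Get-ScheduledTask -ErrorAction SilentlyContinue) {
        foreach ($action in $task.Actions) {
            # Only "Start a program" actions carry Execute/Arguments; COM-handler actions are skipped.
            if (-not $action.Execute) { continue }

            $exe = [System.IO.Path]::GetFileName($action.Execute.Trim('"')).ToLowerInvariant()
            if ($powershellHosts -notcontains $exe) { continue }

            $arguments = [string]$action.Arguments
            $hits = @($suspiciousArgPatterns | Where-Object { $arguments -ilike "*$_*" })

            $info = $task | Get-ScheduledTaskInfo -ErrorAction SilentlyContinue
            $triggerKinds = @($task.Triggers | ForEach-Object { $_.CimClass.CimClassName -replace '^MSFT_Task', '' })

            [PSCustomObject]@{
                TaskPath    = $task.TaskPath
                TaskName    = $task.TaskName
                State       = $task.State
                RunAs       = $task.Principal.UserId
                Author      = $task.Author
                Triggers    = ($triggerKinds -join ',')
                LastRunTime = $info.LastRunTime
                Score       = $hits.Count
                Indicators  = ($hits -join ' | ')
                CommandLine = "$($action.Execute) $arguments".Trim()
            }
        }
    }
}

# Highest-scoring tasks first; a task with a non-zero score and an unfamiliar Author or RunAs
# is worth exporting for review with:  Export-ScheduledTask -TaskName <name> -TaskPath <path>
Get-PowerShellScheduledTask |
    Sort-Object -Property Score, LastRunTime -Descending |
    Format-Table TaskPath, TaskName, RunAs, Score, Indicators, CommandLine -AutoSize -Wrap
```

The score is deliberately coarse: vendor installers and update agents also register PowerShell tasks, so the useful signal is the combination of an encoded or hidden command line, a script under a user-writable directory, and an author or principal that does not match any product you know is installed. Pair the output with the task's XML definition (Export-ScheduledTask) and, where available, Security log event 4698 (task created) to establish when and by which process the task appeared.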