Trend Micro Antivirus Was Opening a Node.js Debugging Server on All Machines

Discussion in 'Trend Micro' started by Dima007, Mar 31, 2016.

  1. Dima007

    Source: Trend Micro Antivirus Was Opening a Node.js Debugging Server on All Machines


    Trend Micro has released new versions of its antivirus and password manager products to address a security issue discovered by Google Project Zero researcher Tavis Ormandy.

    According to Mr. Ormandy, on default factory settings, Trend Micro's Maximum Security, Premium Security, and Password Manager products were opening a remote Node.js debugger stub and leaving it to listen for commands on a random localhost port.

    Mr. Ormandy put together an exploit that consisted of loading thousands of images that would query the localhost server on a different port number until they would uncover the one open for that client.

    He would then make calls via JavaScript to this port, executing commands on the user's machine. The exploit, which was trivial to put together, according to Mr. Ormandy, relied on attackers tricking users into accessing a malicious page, something that's not that out of the ordinary.

    Trend Micro delivered a quick fix, a permanent patch is in the works

    The researcher contacted Trend Micro staff, who for the past week have been working on a quick fix that would detect the vulnerable port the Node.js debugger was about to start and would initiate another service on it instead, preventing the debugger from binding to the port and shutting down.

    This quick patch was released on March 30, but Trend Micro has also started working on a permanent fix. This will take some time to implement, though, as this is a complex operation.

    According to Trend Micro, the vulnerability's source is in a module that loads a third-party binary. The Trend Micro team says it will have to crack open that binary, alter its source code to prevent the debugger from starting, and then reintegrate it into their apps' source code. The team estimates this will take around a month.
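
A local audit for the condition the article describes, added here as an example (not part of the original post or Trend Micro's code): it takes `netstat -an` output from your own machine, picks the TCP ports listening on loopback or all interfaces, and flags any whose unprompted greeting matches a Node.js debug agent. It assumes the stub speaks the legacy V8 debug protocol (`Type: connect` banner), which the article does not state; the netstat text and banner are constructed samples, and all function names are hypothetical.

```python
import socket

# Constructed sample of Windows `netstat -an` output (not from the page).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:49155        0.0.0.0:0              LISTENING
  TCP    192.168.1.20:50211     203.0.113.7:443        ESTABLISHED
"""
# Constructed greeting in the shape the legacy V8 debug agent sends on connect
# (assumption: the stub uses this protocol; version strings are made up).
SAMPLE_BANNER = (b"Type: connect\r\nV8-Version: 3.14.5.9\r\nProtocol-Version: 1\r\n"
                 b"Embedding-Host: node v0.10.0\r\nContent-Length: 0\r\n\r\n")

def local_listeners(netstat_text):
    """Return TCP ports listening on loopback or on all interfaces."""
    ports = []
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) >= 4 and cols[0] == "TCP" and cols[3] == "LISTENING":
            host, _, port = cols[1].rpartition(":")
            if host in ("127.0.0.1", "0.0.0.0") and port.isdigit():
                ports.append(int(port))
    return ports

def parse_banner(data):
    """Parse the CRLF-separated 'Key: value' block a service sends unprompted."""
    fields = {}
    for line in data.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n"):
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields

def looks_like_v8_debugger(data):
    f = parse_banner(data)
    return f.get("type") == "connect" and "v8-version" in f and "protocol-version" in f

def read_greeting(port, timeout=0.5):
    """Connect to 127.0.0.1:port and return what the service sends first."""
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=timeout) as s:
            return s.recv(1024)
    except OSError:  # closed port, or a service that waits for the client to speak
        return b""

def audit(netstat_text):
    """Ports on this machine whose greeting matches the debug agent banner."""
    return [p for p in local_listeners(netstat_text)
            if looks_like_v8_debugger(read_greeting(p))]

if __name__ == "__main__":
    print(local_listeners(SAMPLE_NETSTAT), looks_like_v8_debugger(SAMPLE_BANNER))
```

Feed `audit()` the real `netstat -an` text from the machine being checked; an empty list means no listener answered with that banner.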