
However, Zone Labs – the developer of the ZoneAlarm personal firewall – stated in a security advisory issued on September 1 that this entirely new attack method can bypass only the free version of ZoneAlarm, commercial versions up to 5.5, and the Check Point Integrity Client installed in default mode. Versions 6.0 and above are not vulnerable to this flaw.
If it succeeds in deceiving the firewall application, the malicious code gains the ability to connect to the Internet, but only through another application. If the malicious code attempts a direct Internet connection, ZoneAlarm still blocks it.
Earlier this week, security researcher Debasis Mohanty published an example of this attack method. According to him, hackers could exploit a mechanism in the Windows operating system to link different applications – for instance, linking a keylogger program with Internet Explorer, allowing the malicious program designed to steal personal information to connect and send data back to the hackers.
Furthermore, Mohanty warned that this flaw could also exist in other firewall applications, not just ZoneAlarm.
However, John LaCour, the director of security services at Zone Labs, stated that so far, the company has not detected any malicious programs using this method to bypass ZoneAlarm. “This is merely a theoretical attack method and will likely never be implemented in practice.” Zone Labs categorizes this flaw as non-critical.
Zone Labs does not currently have plans to patch this new security vulnerability for the free firewall versions. Users of commercial versions of ZoneAlarm 5.5 and Check Point Integrity Client versions 6.0 and 5.5 can protect themselves from this security hole by enabling the Advanced Program Control feature or upgrading to a newer version.
HVD – (ZDNet)