Ad-Aware is a poorly written anti-spyware program from Lavasoft. Running
it gives you a false sense of safety. Numerous attacks can be mounted
against this software. I'll show some of the problems and attacks in this
write-up. Here's just a summary of the most visible problems I've run into.
1. Definition file
1.1. "Encrypted" with XOR
1.2. Packed with ZIP with a simple password
1.3. No checksum in the def file
(1.1 to 1.3 together: trivial to intercept def updates and change the defs
to make the malware invisible)
1.4. Big redundancy in the def file
1.5. !!! Multiplying the number of entries in the def file by the constant
1.46 to make it look like it has more definitions !!!
2. Program
2.1. Poorly written checksum algo
2.2. Poorly written scanning algo (slow as hell)
2.3. CSI works only for in-memory images and is useless
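Points 1.1 and 1.3 above are really one design flaw: XOR obfuscation hides bytes but cannot tell a loader whether the file was changed. The following is an added example, not code from the write-up or from Lavasoft: it contrasts a loader that only un-XORs a constructed definition blob with one that checks an integrity tag first. The definition layout, the XOR key and the MAC key are all assumptions.

```python
import hmac
import hashlib

# Constructed sample definition list; the layout is hypothetical, not the
# real Ad-Aware format.
DEFS = b"Spyware.Foo;Adware.Bar;Trojan.Baz"
XOR_KEY = b"k3y"             # assumed obfuscation key (stands in for the product's)
MAC_KEY = b"vendor-secret"   # assumed integrity key held by the update channel
TAG_LEN = 32                 # SHA-256 HMAC tag size

def xor_obfuscate(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR: reversible, hides bytes, but gives no integrity."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def load_xor_only(blob: bytes) -> bytes:
    """Loader in the style the write-up criticises: decode and trust the result."""
    return xor_obfuscate(blob, XOR_KEY)

def pack_with_mac(defs: bytes) -> bytes:
    """Corrected packer: HMAC the obfuscated payload and append the tag."""
    payload = xor_obfuscate(defs, XOR_KEY)
    return payload + hmac.new(MAC_KEY, payload, hashlib.sha256).digest()

def load_with_mac(blob: bytes) -> bytes:
    """Corrected loader: refuse any file whose tag does not verify."""
    payload, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(MAC_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("definition file failed integrity check")
    return xor_obfuscate(payload, XOR_KEY)

def flip_byte(blob: bytes, offset: int) -> bytes:
    """Simulate a definition file altered in transit (one byte changed)."""
    out = bytearray(blob)
    out[offset] ^= 0xFF
    return bytes(out)

def accepts_altered_file(loader, packer) -> bool:
    """True if the loader silently hands back definitions from an altered file."""
    try:
        return loader(flip_byte(packer(DEFS), 0)) != DEFS
    except ValueError:
        return False

if __name__ == "__main__":
    legacy = lambda d: xor_obfuscate(d, XOR_KEY)
    print("xor-only loader accepts altered defs:", accepts_altered_file(load_xor_only, legacy))
    print("MAC loader accepts altered defs:     ", accepts_altered_file(load_with_mac, pack_with_mac))
```

HMAC is used here only because it needs no third-party library; in a shipped product the client must verify a digital signature with the vendor's public key, since any symmetric key inside the client can be read out just like the XOR key.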