Antivirus applications could make your business more exposed
Imagine getting a call from your company's IT department telling you that your workstation has been compromised and that you need to stop what you are doing immediately. How did this happen?
A few days later, an unexpected answer comes back from the security firm your company hired to investigate the incident: the hackers got in by exploiting a flaw in the corporate antivirus software installed on your computer, the very software that is supposed to protect it from attacks. And all it took was for the attackers to send you an email message that you never even opened.
This scenario might seem far-fetched, but it is not. According to vulnerability researchers who have examined antivirus software in the past, such attacks are quite plausible and may already have happened. Some of them have been trying for years to sound the alarm about how easy it is to find and exploit critical flaws in endpoint antivirus products.
Many of these vulnerabilities would have allowed attackers to remotely execute malicious code on computers, to abuse the functionality of the antivirus products in order to gain higher privileges on compromised systems, and even to defeat the anti-exploitation defenses of third-party programs.
Exploiting some of these vulnerabilities required no user interaction and could have enabled the creation of computer worms, that is, self-propagating malware.
Evidence suggests that attacks against antivirus products, especially in corporate environments, are both possible and likely. Some researchers believe that such attacks have already happened, although antivirus vendors may not be aware of them because of the very small number of victims.
The intelligence agencies of numerous governments have long had an interest in antivirus flaws.
A cyberespionage group known as The Mask or Careto, believed to be state-sponsored, is known to have exploited a vulnerability in older versions of Kaspersky antivirus products in order to evade detection. The group compromised computers belonging to hundreds of private and government organizations in more than 30 countries before its activities were exposed in February 2014.
While these are primarily examples of antivirus vulnerabilities being used to evade detection, there is also demand for remote code execution exploits affecting antivirus products, and specialized brokers on the largely unregulated exploit market are selling them.
Among the e-mails leaked from Italian surveillance company Hacking Team there is a document listing exploits offered for sale by an outfit called Vulnerabilities Brokerage International.
This has been going on for more than a decade, according to Gunter Ollmann, chief security officer at intrusion detection vendor Vectra and former chief technology officer at security research company IOActive. There are firms that specialize in reverse engineering popular desktop antivirus products from countries in which their customers have an interest, he said via e-mail. They also reverse engineer existing malware so that they can hijack infected systems, he said.
“From a state-actor view, it wouldn’t be in their best interest to be found doing this sort of thing, so goals are modest and carefully controlled,” Ollmann said.
After all, Russian and Chinese cyberespionage groups have demonstrated their ability to find and develop exploits for previously unknown vulnerabilities in popular programs, so applying those same skills to antivirus products should not be a problem for them.
“In our forecasts for 2016, we particularly mention that assaults on security research workers and protection sellers may be a future trend in information security; yet, we don’t consider these will be prevalent strikes,” said Vyacheslav Zakorzhevsky, the head of anti-malware research at Kaspersky Lab, via e-mail. “For instance, security researchers might be assaulted via endangered research tools, and since all applications include susceptibility, there’s a chance that security software might be affected on a targeted and limited foundation.”
Antivirus vendor Bitdefender said in an e-mailed statement that targeted attacks against endpoint security software “are undoubtedly potential,” but that they will most likely be aimed at business environments, not consumers.
Penetration testers have long been aware of the exploitation potential of antivirus products. A security researcher who works for a large technology company said that his team routinely attempts to exploit vulnerabilities in antivirus management servers during penetration testing engagements, because those servers have privileged control over endpoint systems and can be used for lateral movement inside corporate networks. He asked to remain anonymous because he did not have his employer's approval to comment for this story.
Exploits for corporate antivirus management servers can be found in public exploit databases and were listed in the portfolio of Vulnerabilities Brokerage International.
Antivirus vendors do not appear overly worried about the possibility of widespread attacks against their consumer products. For the most part, researchers agree that such attacks are unlikely for now because typical cybercriminal gangs have other, more popular targets to attack, such as Silverlight, Java, Flash Player, Internet Explorer or Microsoft Office.
But the developers of those widely used programs have added exploit mitigations to them in recent years, and as more people upgrade to newer and better protected versions, attackers may be forced to look for new targets.
For now, though, it is organizations rather than consumers that face the greatest risk of attack through antivirus flaws, particularly those operating in sectors frequently targeted by cyberespionage groups.