Although anti-virus software has significantly evolved over
the last decade, classic signature matching based on byte
patterns is still a prevalent concept for identifying security
threats. Anti-virus signatures are a simple and fast detection
mechanism that can complement more sophisticated analysis
strategies. However, if signatures are not designed with care,
they can turn from a defensive mechanism into an instrument
of attack. In this paper, we present a novel method for
automatically deriving signatures from anti-virus software
and discuss how the extracted signatures can be used to
attack sensible data with the aid of the virus scanner itself.
To this end, we study the practicability of our approach
using four commercial products and exemplary demonstrate
anti-virus assisted attacks in three different scenarios.