Just as the online community was recuperating from the last wave of malicious attacks, a new threat has surfaced that puts Windows users in danger. The new threat acts through antivirus programs themselves, making it worthy of the name DoubleAgent.
DoubleAgent is able to access and take control of a computer’s antivirus through a Windows XP vulnerability that is no less than 15 years old. Additionally, there is a Windows application that also contributes to how the attack works called Application Verifier which has been compromised as well
A dangerous threat is on the loose
This threat is scary because it allows attackers to take full control of an antivirus and wreck havoc on a system and its owner. By inserting a custom verifier into system software, attackers are able to take full control of any service on the computer. Security professionals are already on the job trying to find ways in which this form of attack can be combated or prevented. Here’s what they’ve found so far:
Once the attacker has gained control of the antivirus, he may command it to perform malicious operations on behalf of the attacker. Because the antivirus is considered a trusted entity, any malicious operation done by it would be considered legitimate, giving the attacker the ability to bypass all the security products in the organization.
The exploits this can lead to are scary
There are quite a few ways in which this kind of destructive tool can be used against users. Systems could either be controller or compromised completely, leaving owners with pretty much no defense.
While dangerous, malicious threats are usually blocked by an antivirus, meaning that the level of threat they pose is mitigated or at least slowed. In this case, there is nothing holding back DoubleAgent as it is free of any obstacle an antivirus might put in its way.
RELATED STORIES TO CHECK OUT: