Windows vulnerabilities make way for new dangerous DoubleAgent malware threat

By: Costea Lestoc
2 minute read
Ramnit Malware

Just as the online community was recuperating from the last wave of malicious attacks, a new threat has surfaced that puts Windows users in danger. The new threat acts through antivirus programs themselves, making it worthy of the name DoubleAgent.

DoubleAgent is able to access and take control of a computer’s antivirus through a Windows XP vulnerability that is no less than 15 years old. Additionally, there is a Windows application that also contributes to how the attack works called Application Verifier which has been compromised as well

A dangerous threat is on the loose

This threat is scary because it allows attackers to take full control of an antivirus and wreck havoc on a system and its owner. By inserting a custom verifier into system software, attackers are able to take full control of any service on the computer. Security professionals are already on the job trying to find ways in which this form of attack can be combated or prevented. Here’s what they’ve found so far:

Once the attacker has gained control of the antivirus, he may command it to perform malicious operations on behalf of the attacker. Because the antivirus is considered a trusted entity, any malicious operation done by it would be considered legitimate, giving the attacker the ability to bypass all the security products in the organization.

The exploits this can lead to are scary

There are quite a few ways in which this kind of destructive tool can be used against users. Systems could either be controller or compromised completely, leaving owners with pretty much no defense.

While dangerous, malicious threats are usually blocked by an antivirus, meaning that the level of threat they pose is mitigated or at least slowed. In this case, there is nothing holding back DoubleAgent as it is free of any obstacle an antivirus might put in its way.

RELATED STORIES TO CHECK OUT:

Next up

These features are out for good with Windows 10 version 1809

iamsovy@gmail.com' By: Sovan Mandal
2 minute read

Microsoft is all set to launch its next big update, Windows 10 version 1809 in October. While that should be a nice piece of news […]

Continue Reading

Windows 10 18H2 builds no longer receive new features

By: Matthew Adams
3 minute read

The Windows 10 October 2018 Update (otherwise 18H2) rollout might now be two to three weeks away. For the last few months, new build previews […]

Continue Reading

Windows 7 KB4457139 makes it easier to upgrade to Windows 10

By: Madeleine Dean
2 minute read

Microsoft released a new Windows 7 update to the general public. Update KB4457139 is actually a preview of the upcoming monthly rollup update and allows users […]

Continue Reading

Discussions