Tens of thousands of Windows computers are potentially vulnerable to an advanced National Security Agency backdoor codenamed DoublePulsar. A group of hackers called Shadow Brokers revealed details of the backdoor in a recent leak.
Researchers from security firm Binary Edge found DoublePulsar on more than 107,000 computers in one internet scan. Errata Security CEO Rob Graham and researchers from Below0day also performed separate scans, which led to the discovery of some 41,000 and 30,000 infected machines, respectively. DoublePulsar remains stealthy by not writing files to the target computers in order to avoid persisting following a reboot.
Some find it hard to believe the figures as the NSA is known for aborting a mission if it is on the verge of being detected. Security experts believe, however, that other hackers have downloaded the DoublePulsar binary released by Shadow Brokers and used it to infect Windows computers.
Microsoft also dismissed the report, though it is now conducting an investigation. Meanwhile, Binary Edge provides a quick FAQ to help you check if your PC is infected.
Q – Am I infected by this?
A – Visit https://doublepulsar.binaryedge.io/ to check for free if it says “infected”: false an implant has not been detected on your ip address. If it says “infected”: true an implant was detected in one of our scans. If you need more information or would like to do mass testing across your organization please contact us on firstname.lastname@example.org we work with companies around the world that use us to monitor their perimeters.
Q – Does this mean the NSA infected 106,410 machines?
A – Probably not, this has been released for a while, the implant is beautifully designed and could have been used by other actors.
Q – Is your number right?
A – Multiple professionals have checked the detection script and agree it is well written and working well. We merely do the scanning and show the data of responses to that script.
Q – Should I panic?
A – Like any other infosec subject, panic doesn’t help. Talk with the person responsible for security at your organizations.
Fortunately, Windows 10 users are safe from the infection. Still, the best internet security practice is to avoid content that comes from suspicious sources.