Advanced NSA backdoor infects tens of thousands of Windows computers

By: Edward Hudson

Tens of thousands of Windows computers are potentially vulnerable to an advanced National Security Agency backdoor codenamed DoublePulsar. A group of hackers called Shadow Brokers revealed details of the backdoor in a recent leak.

Researchers from security firm Binary Edge found DoublePulsar on more than 107,000 computers in one internet scan. Errata Security CEO Rob Graham and researchers from Below0day also performed separate scans, which led to the discovery of some 41,000 and 30,000 infected machines, respectively. DoublePulsar remains stealthy by not writing any files to the target computer, which also means it does not persist after a reboot.

Some find it hard to believe the figures as the NSA is known for aborting a mission if it is on the verge of being detected. Security experts believe, however, that other hackers have downloaded the DoublePulsar binary released by Shadow Brokers and used it to infect Windows computers.

Microsoft also dismissed the report, though it is now conducting an investigation. Meanwhile, Binary Edge provides a quick FAQ to help you check if your PC is infected.

Q – Am I infected by this?

A – Visit https://doublepulsar.binaryedge.io/ to check for free. If it says “infected”: false, an implant has not been detected on your IP address. If it says “infected”: true, an implant was detected in one of our scans. If you need more information or would like to do mass testing across your organization, please contact us at info@binaryedge.io. We work with companies around the world that use us to monitor their perimeters.

Q – Does this mean the NSA infected 106,410 machines?

A – Probably not. This has been released for a while; the implant is beautifully designed and could have been used by other actors.

Q – Is your number right?

A – Multiple professionals have checked the detection script and agree it is well written and working well. We merely do the scanning and show the data of responses to that script.

Q – Should I panic?

A – Like any other infosec subject, panic doesn’t help. Talk with the person responsible for security at your organization.

Fortunately, Windows 10 users are safe from the infection. Still, the best internet security practice is to avoid content that comes from suspicious sources.
