Advanced NSA backdoor infects tens of thousands of Windows computers

jayar.decenella@gmail.com' By: Jay Decenella
2 minute read

Tens of thousands of Windows computers are potentially vulnerable to an advanced National Security Agency backdoor codenamed DoublePulsar. A group of hackers called Shadow Brokers revealed details of the backdoor in a recent leak.

Researchers from security firm Binary Edge found DoublePulsar on more than 107,000 computers in one internet scan. Errata Security CEO Rob Graham and researchers from Below0day also performed separate scans, which led to the discovery of some 41,000 and 30,000 infected machines, respectively. DoublePulsar remains stealthy by not writing files to the target computers in order to avoid persisting following a reboot.

Some find it hard to believe the figures as the NSA is known for aborting a mission if it is on the verge of being detected. Security experts believe, however, that other hackers have downloaded the DoublePulsar binary released by Shadow Brokers and used it to infect Windows computers.

Microsoft also dismissed the report, though it is now conducting an investigation. Meanwhile, Binary Edge provides a quick FAQ to help you check if your PC is infected.

Q – Am I infected by this?

A – Visit https://doublepulsar.binaryedge.io/ to check for free if it says “infected”: false an implant has not been detected on your ip address. If it says “infected”: true an implant was detected in one of our scans. If you need more information or would like to do mass testing across your organization please contact us on info@binaryedge.io we work with companies around the world that use us to monitor their perimeters.

Q – Does this mean the NSA infected 106,410 machines?

A – Probably not, this has been released for a while, the implant is beautifully designed and could have been used by other actors.

Q – Is your number right?

A – Multiple professionals have checked the detection script and agree it is well written and working well. We merely do the scanning and show the data of responses to that script.

Q – Should I panic?

A – Like any other infosec subject, panic doesn’t help. Talk with the person responsible for security at your organizations.

Fortunately, Windows 10 users are safe from the infection. Still, the best internet security practice is to avoid content that comes from suspicious sources.

Next up

2018 List: Best free Android emulators for Windows 10/8.1/7

By: Ivan Jenic
7 minute read

What Android emulator is the best for my Windows PC? Bluestacks MeMu Nox Remix OS Player Droid4X AMIDuOS Windroy Genymotion Xamarin Android Player Andy We’re […]

Continue Reading

New Windows 10 security flaw gives system privileges to hackers

By: Daniel Segun
2 minute read

Recently, a security researcher @SandboxEscaper disclosed in a tweet which has been deleted (the account also has been removed), that the task scheduler is vulnerable […]

Continue Reading

Microsoft devices could support Ultrafast wireless charging in the future

By: Daniel Segun
2 minute read

Microsoft may be developing a new wireless charging system called “Ultrafast’” for its devices, if a newly discovered patent gets approved for mass production. This […]

Continue Reading

Discussions