Advanced NSA backdoor infects tens of thousands of Windows computers

2 minute read

Home » News » Advanced NSA backdoor infects tens of thousands of Windows computers

Tens of thousands of Windows computers are potentially vulnerable to an advanced National Security Agency backdoor codenamed DoublePulsar. A group of hackers called Shadow Brokers revealed details of the backdoor in a recent leak.

Researchers from security firm Binary Edge found DoublePulsar on more than 107,000 computers in one internet scan. Errata Security CEO Rob Graham and researchers from Below0day also performed separate scans, which led to the discovery of some 41,000 and 30,000 infected machines, respectively. DoublePulsar remains stealthy by not writing files to the target computers in order to avoid persisting following a reboot.

Some find it hard to believe the figures as the NSA is known for aborting a mission if it is on the verge of being detected. Security experts believe, however, that other hackers have downloaded the DoublePulsar binary released by Shadow Brokers and used it to infect Windows computers.

Microsoft also dismissed the report, though it is now conducting an investigation. Meanwhile, Binary Edge provides a quick FAQ to help you check if your PC is infected.

Q – Am I infected by this?

A – Visit https://doublepulsar.binaryedge.io/ to check for free if it says “infected”: false an implant has not been detected on your ip address. If it says “infected”: true an implant was detected in one of our scans. If you need more information or would like to do mass testing across your organization please contact us on info@binaryedge.io we work with companies around the world that use us to monitor their perimeters.

Q – Does this mean the NSA infected 106,410 machines?

A – Probably not, this has been released for a while, the implant is beautifully designed and could have been used by other actors.

Q – Is your number right?

A – Multiple professionals have checked the detection script and agree it is well written and working well. We merely do the scanning and show the data of responses to that script.

Q – Should I panic?

A – Like any other infosec subject, panic doesn’t help. Talk with the person responsible for security at your organizations.

Fortunately, Windows 10 users are safe from the infection. Still, the best internet security practice is to avoid content that comes from suspicious sources.

Discussions

Next up

Scroll bar is missing in Chrome on Windows 10 [FIX]

Alexandru Voiculescu By: Alexandru Voiculescu
2 minute read

Google Chrome is the most popular browser out there. It is a reliable tool to surf the Internet and has many great features. However, nothing […]

Continue Reading

What to do when your Uplay achievements are not syncing

John Taylor avatar. By: John Taylor
2 minute read

Uplay is an amazing game distribution platform created by Ubisoft. It can be used to buy and download games as well as DLCs. It can […]

Continue Reading

FIX: Ubisoft server unavailable

John Taylor avatar. By: John Taylor
2 minute read

The market is filled with game distribution platforms like Steam, Epic Games Store or GOG. As such, some gaming giants have decided to build their […]

Continue Reading