Vulnerability Allows Hackers to Hijack Antivirus Software on Any Windows Version

Place you can talk about other things not related to autopatcher.
User avatar
Whatacrock
Release Maintainer
Release Maintainer
Posts: 1967
Joined: Mon Oct 28, 2013 10:47 am
Location: Australia
Contact:

Vulnerability Allows Hackers to Hijack Antivirus Software on Any Windows Version

Postby Whatacrock » Thu Mar 23, 2017 7:15 am

Vulnerability Allows Hackers to Hijack Antivirus Software on Any Windows Version

Security company Cybellum discovered a new zero-day attack that makes it possible for hackers to take control of the antivirus software running on a Windows system using a vulnerability that exists in all Windows versions out there, starting with Windows XP and ending with the most recent build of Windows 10.

The company explains in a blog published today that most major antivirus solutions are affected by this vulnerability, Including Avast, AVG, Avira, Bitdefender, Trend Micro, Comodo, ESET, F-Secure, Kaspersky, Malwarebytes, McAfee, Panda, Quick Heal, and Norton.

Called DoubleAgent, the exploit relies on a legitimate tool that Microsoft itself is offering in Windows and is named “Microsoft Application Verifier.” Built to help developers find bugs in their applications, this tool can be hijacked to replace the standard verifier with a custom verifier, which enables an attacker to take full control of the app.

The next step is to register a compromised DLL for a process belonging to security software, which in turn opens the door to more malicious activities, such as installing backdoors, add exclusions, delete files or even encrypt them in the typical ransomware attack.
"Only two companies patched their antivirus software"

Cybellum says it has already notified the affected security companies, but until now, only Malwarebytes and AVG released a patch.

“The sad, but plain fact is that the vulnerability is yet to be patched by most of the antivirus vendors and could be used in the wild to attack almost any organization that uses an antivirus. Once the attacker has gained control of the antivirus, he may command it to perform malicious operations on behalf of the attacker,” the firm says.

What’s worse is that DoubleAgent has the capabilities of injecting code even after users reboot the systems or install patches and updates, making it very difficult to remove the malware.

“Once a persistence technique is well-known, security products update their signatures accordingly. So once the persistence is known, it can be detected and mitigated by the security products.Being a new persistence technique, DoubleAgent bypasses AV, NGAV and other endpoint solutions, and giving an attacker ability to perform his attack undetected with no time limit,” the blog post reads.

http://news.softpedia.com/news/vulnerab ... 4167.shtml
"Now if you Sons of B*@ches got anything else to say, NOW'S THE F@#%ING TIME!!"

User avatar
TheAPGuy
Site Admin
Site Admin
Posts: 966
Joined: Sun Oct 27, 2013 12:38 am
Location: California
Contact:

Re: Vulnerability Allows Hackers to Hijack Antivirus Software on Any Windows Version

Postby TheAPGuy » Fri Mar 24, 2017 7:54 pm

Scary stuff there. All the way back to XP? No doubt the governments have been using it.


Return to “Other”

Who is online

Users browsing this forum: No registered users and 1 guest