DoubleAgent Attack

A zero-day attack called DoubleAgent can take over antivirus software on Windows machines and turn it into malware that encrypts files for ransom, exfiltrates data or formats the hard drives.

Based on a 15-year-old feature present in Windows from XP through Windows 10, the attack is effective against all 14 antivirus products tested by security vendor Cybellum.

DoubleAgent was discovered by Cybellum researchers, who published it on Mar 22, 2017; it has not been seen in the wild.

As Cybellum says: "Our research team has uncovered a new Zero-Day attack for taking full control over major antiviruses and next-generation antiviruses. Instead of hiding and running away from the antivirus, attackers can now directly assault and hijack control over the antivirus. The attack begins when the attacker injects code into the antivirus by exploiting a new Zero-Day vulnerability. Once inside, the attacker can fully control the antivirus. We named this attack DoubleAgent, as it turns your antivirus security agent into a malicious agent, giving an illusion that the antivirus protects you while actually it is abused in order to attack you".

"DoubleAgent gives the attacker the ability to inject any DLL into any process. The code injection occurs extremely early during the victim’s process boot, giving the attacker full control over the process and no way for the process to protect itself. The code injection technique is so unique that it’s not detected or blocked by any antivirus".

The vendors Cybellum tested and found to be vulnerable to DoubleAgent:

Avast 
AVG 
Avira 
Bitdefender 
Trend Micro 
Comodo
ESET
F-Secure
Kaspersky
Malwarebytes
McAfee
Panda
Quick Heal
Norton

DoubleAgent can exploit:

Every Windows version (Windows XP to Windows 10)
Every Windows architecture (x86 and x64)
Every Windows user (SYSTEM/Admin/etc.)
Every target process, including privileged processes (OS/Antivirus/etc.)

DoubleAgent exploits a 15-year-old legitimate feature of Windows and therefore cannot be patched.
