535 Connecticut Ave. Suite 104
Norwalk, CT 06854
Empire State Building
350 Fifth Avenue, 59th fl.
New York City, NY 10118

Featured Article

March 22, 2017

URGENT: New Malware Can Weaponize Windows Antivirus Software

Is your business using third party antivirus software to protect its Windows machines? If so, your software may be vulnerable to a cyberattack.

A new proof-of-concept exploit has been discovered, called DoubleAgent, which targets Windows antivirus software and transforms it into malware. This attack can be used to encrypt private files and hold them for ransom. The malware does this by exploiting a vulnerability in Microsoft Application Verifier, which fixes bugs in native applications.

Researchers at Cybellum recently found the attack to be effective against 14 antivirus products, as well as other computer processes. However, no DoubleAgent attacks have been reported in the wild yet.

According to Network World, as of today just two out of the 14 antivirus vendors that have been notified about the vulnerability — Malwarebytes and AVG — have taken steps to address the issue. Bitdefender, Avira, Avast, Trend Micro, Comodo, ESET, Kaspersky, Panda, McAfee, Quick Heal and Norton have yet to take action although several vendors have released statements.

Here are some, courtesy of Network World:

"At this time, we have confirmed that Titanium is the only product affected by this vulnerability, and we do have a patch in the works to be published as an urgent security bulletin later this morning.”—Trend Micro

"No we are not vulnerable to this AppVerifier injection...For this attack to be successful, [the] malware author should be able to bypass [Comodo Internet Security] protection. CIS by-default allows only whitelisted applications to modify such critical keys. Non-whitelisted applications will be either blocked or sandboxed rendering the attack ineffective." – Comodo Vice President of Worldwide Engineering Egemen Tas

"Kaspersky Lab would like to thank Cybellum Technologies LTD for discovering and reporting the vulnerability which made a DLL Hijacking attack possible via an undocumented feature of Microsoft Application Verifier. The detection and blocking of this malicious scenario has been added to all Kaspersky Lab products from March 22, 2017." – Kaspersky Lab

Perhaps the scariest part of this attack is the fact that it is incredible easy to deploy. According to Cybellum CEO Slava Bronfman, just about anyone can do it — even someone “with the coding skills of a script kiddie.” It simply requires downloading the code from an infected website or by opening a malicious attachment. So now that the attack has been made public, you can bet your bottom dollar that hackers will start using it against businesses. 

So if you are using antivirus software to protect your business, make sure to contact your vendor to find out if your solution is vulnerable to the DoubleAgent attack. Take action before hackers  do.

A new breed of hacktrepeneurs has awoken and they have little to fear and everything to gain by infecting as many companies as possible and extorting money from them. Apex Technology Services stands ready to protect your company regardless of whether it’s located in New York CityWhite Plains, New York; Connecticut; Australia; Europe; or anywhere else. Our full suite of cybersecurity and IT support services is at your disposal, enabling you to spend less time worrying about and more time growing your business.

To ensure your security, consider one of our most popular services — Auditing & Documentationwhich pinpoints vulnerabilities in your infrastructure, process flow and internal security procedures.

Related Articles