UPDATED 14:03 EDT / MARCH 22 2017


Antivirus-breaking exploit found in Windows security mechanism

Practically all of the leading antivirus programs that Windows users rely on to protect their devices can be turned against them, according to Cybellum Networks Ltd.

The threat stems from a newly discovered zero-day flaw in Microsoft Corp.’s operating system that could enable hackers to bypass most conventional methods of combating malware. Cybellum said in a blog post today that the issue lies with Application Verifier, a mechanism built into Windows to identify applications suffering from security flaws.

The tool’s weakness lies in the way it performs those checks. Under normal circumstances, Application Verifier loads a DLL file into every program it examines; that DLL watches for misuse of memory resources and other potential indicators of foul play. DoubleAgent, as Cybellum has named the exploit, allows hackers to replace that file with malware.

The access rights afforded to Application Verifier, because it is part of Windows, allow hackers to carry out a wide range of attacks with little risk of detection. Cybellum says DoubleAgent can be exploited to steal data from a program, alter its behavior and infect other software, among other things. Worse, the DLL files used by the mechanism are registered persistently in the part of Windows responsible for launching programs, which means infections can’t be cleared by reinstalling a compromised application.
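The persistence the article describes comes from the fact that Application Verifier is switched on per program through registry entries under the Image File Execution Options (IFEO) key, where a GlobalFlag value with the FLG_APPLICATION_VERIFIER bit (0x100) set and a VerifierDlls value naming the DLLs to load are stored. A defender can therefore audit those entries. The script below is an added example written for this page, not Cybellum’s code or anything from the Windows SDK: it parses a `reg export` of the IFEO key and flags every image with Application Verifier enabled, any verifier DLL given as a path rather than a bare name, and any DLL name outside a small allowlist of the standard verifier provider DLLs. The allowlist and the sample export (`notepad.exe`, `example_av.exe`, `cmd.exe`, `payload.dll`) are constructed assumptions for illustration; on a production host the expected result is usually that no image has Application Verifier enabled at all.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# GlobalFlag bit that enables Application Verifier for a process (FLG_APPLICATION_VERIFIER).
FLG_APPLICATION_VERIFIER = 0x100

# Assumption: provider DLLs shipped with Application Verifier. Tune this to what is
# actually installed; any other DLL configured as a verifier DLL deserves a closer look.
KNOWN_VERIFIER_DLLS = {
    "vrfcore.dll", "vfbasics.dll", "vfcompat.dll", "vfluapriv.dll",
    "vfnet.dll", "vfntddk.dll", "vfprint.dll", "vfprintpts.dll",
}

# Per-image IFEO keys live one level below this path (also under Wow6432Node on 64-bit).
IFEO_MARKER = "\\image file execution options\\"

# Constructed sample of `reg export` output. The entries are made up: notepad.exe has
# a legitimate-looking verifier setup, example_av.exe has a verifier DLL pointing at a
# user-writable path, and cmd.exe has an unrelated IFEO value and should not be reported.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000100
"VerifierDlls"="vrfcore.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example_av.exe]
"GlobalFlag"=dword:00000100
"VerifierDlls"="C:\\Users\\Public\\payload.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe]
"Debugger"="C:\\Windows\\System32\\vsjitdebugger.exe"
'''


@dataclass
class Finding:
    image: str                  # executable name taken from the IFEO subkey
    verifier_enabled: bool      # FLG_APPLICATION_VERIFIER set in GlobalFlag
    dlls: List[str]             # names listed in VerifierDlls (space separated)
    reasons: List[str] = field(default_factory=list)


def parse_reg_export(text: str) -> Dict[str, Dict[str, object]]:
    """Minimal parser for `reg export` output: {key_path: {value_name: value}}.
    Handles REG_SZ ("...") and REG_DWORD (dword:hex); other types are kept as raw text."""
    keys: Dict[str, Dict[str, object]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = re.match(r'^"([^"]+)"=(.*)$', line)
        if not m or current is None:
            continue
        name, data = m.group(1), m.group(2)
        if data.startswith("dword:"):
            keys[current][name] = int(data[len("dword:"):], 16)
        elif data.startswith('"') and data.endswith('"'):
            # .reg files escape backslashes and quotes inside REG_SZ data
            keys[current][name] = data[1:-1].replace('\\\\', '\\').replace('\\"', '"')
        else:
            keys[current][name] = data
    return keys


def audit_ifeo(keys: Dict[str, Dict[str, object]]) -> List[Finding]:
    """Report every IFEO image that has Application Verifier enabled or verifier DLLs configured."""
    findings: List[Finding] = []
    for path, values in keys.items():
        if IFEO_MARKER not in path.lower():
            continue
        image = path.rsplit("\\", 1)[-1]
        gflag = values.get("GlobalFlag", 0)
        enabled = isinstance(gflag, int) and bool(gflag & FLG_APPLICATION_VERIFIER)
        dll_value = values.get("VerifierDlls", "")
        dlls = str(dll_value).split() if dll_value else []
        if not enabled and not dlls:
            continue  # nothing verifier-related on this image
        finding = Finding(image, enabled, dlls)
        if enabled:
            finding.reasons.append("Application Verifier enabled via GlobalFlag")
        else:
            finding.reasons.append("VerifierDlls set without GlobalFlag (dormant entry)")
        for dll in dlls:
            base = dll.replace("/", "\\").rsplit("\\", 1)[-1].lower()
            if "\\" in dll or "/" in dll:
                finding.reasons.append(f"verifier DLL given as a path: {dll}")
            if base not in KNOWN_VERIFIER_DLLS:
                finding.reasons.append(f"non-standard verifier DLL: {base}")
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in audit_ifeo(parse_reg_export(SAMPLE_REG_EXPORT)):
        print(f"{f.image}: " + "; ".join(f.reasons))
```

In practice the input would be the output of `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" ifeo.reg` collected from the host; the parser deliberately ignores value types it does not understand rather than failing, so an unusual entry still shows up through its GlobalFlag.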

Cybellum claims DoubleAgent may be exploited to breach “any” Windows software, but the risk to antivirus offerings is particularly severe given their vital role in upholding security and the increased likelihood of attackers trying to target them. The internal safeguards that most threat detection tools employ to block hacking attempts did little to mitigate the exploit in the startup’s tests. According to its blog post, its researchers found 14 popular antivirus programs to be vulnerable (pictured).

Cybellum Chief Executive Slava Bronfman told Network World that only AVG and Malwarebytes have patched their respective offerings so far, but the rest of the market will no doubt follow suit given the severity of the threat. Microsoft can be expected to issue a patch as well seeing that the fault is ultimately in Windows. In the meantime, users of the company’s operating system should probably take extra care to avoid suspicious sites and risky downloads.


Image: Cybellum
