HAWKI

What Say Thee Emsisoft? DoubleAgent: Taking Full Control Over Your Antivirus


"Our research team has uncovered a new Zero-Day attack for taking full control over major antiviruses and next-generation antiviruses. Instead of hiding and running away from the antivirus, attackers can now directly assault and hijack control over the antivirus.
The attack begins when the attacker injects code into the antivirus by exploiting a new Zero-Day vulnerability. Once inside, the attacker can fully control the antivirus. We named this attack DoubleAgent, as it turns your antivirus security agent into a malicious agent, giving an illusion that the antivirus protects you while actually it is abused in order to attack you.


DoubleAgent exploits a 15 year old vulnerability which works on all versions of Microsoft Windows, starting from Windows XP right up to the latest release of Windows 10. The sad, but plain fact is that the vulnerability is yet to be patched by most of the antivirus vendors and could be used in the wild to attack almost any organization that uses an antivirus..."


https://cybellum.com/doubleagent-taking-full-control-antivirus/


Edit/Update: Oops, also posted here, sorry:


3 hours ago, HAWKI said:

Our research team has uncovered a new Zero-Day attack ...

I'll start by saying this: Zero Day means that the vulnerability is already being exploited by malicious attackers, malware, etc. on the same day the vulnerability has been discovered. Thus, the software developer has "zero days" to fix the vulnerability. Aside from the proof-of-concept made public by Cybellum, I am not aware of this being exploited (although it probably will be now that it's been made public).


3 hours ago, HAWKI said:

The sad, but plain fact is that the vulnerability is yet to be patched by most of the antivirus vendors and could be used in the wild to attack almost any organization that uses an antivirus...

The only way that could be exploited is if the malware managed to go unnoticed by the anti-virus software long enough for it to register a debugger on the system. It's fairly rare for malware to do something malicious that our Behavior Blocker doesn't catch, so the odds are fairly good that our Behavior Blocker would catch it. We can tweak the Behavior Blocker at any time to detect and alert for anything we want, and even tweak it to automatically block anything we want, and then just send it out in an update so everyone can be protected. ;)

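As an added defensive check (example code, not from the thread or from Emsisoft), the PowerShell below lists the per-executable "debugger" style registrations under Image File Execution Options that the reply above refers to; entries for an antivirus executable that you did not put there are worth investigating. The GlobalFlag bit 0x100 and the VerifierDlls value are the Application Verifier settings, which load the named DLLs into the process at start.

```powershell
# Added example: audit Image File Execution Options (IFEO) for launch-time
# debugger or Application Verifier registrations. Legitimate entries exist
# (developer tools, some installers), so review rather than auto-delete.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

# Values that redirect or inject code when the named executable starts:
#   Debugger    - another program launched in place of / around the executable
#   GlobalFlag  - bit 0x100 (FLG_APPLICATION_VERIFIER) turns on Application Verifier
#   VerifierDlls - DLLs that Application Verifier loads into the process
$watched = @('Debugger', 'GlobalFlag', 'VerifierDlls')

Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $props = Get-ItemProperty -Path $_.PSPath
    foreach ($name in $watched) {
        $value = $props.$name
        if ($null -ne $value -and "$value" -ne '') {
            $note = ''
            if ($name -eq 'GlobalFlag' -and (([int]$value) -band 0x100)) {
                $note = 'Application Verifier enabled'
            }
            [pscustomobject]@{
                Executable = $_.PSChildName   # e.g. an AV service executable name
                Setting    = $name
                Value      = $value
                Note       = $note
            }
        }
    }
} | Format-Table -AutoSize
```

Run from an elevated prompt so the HKLM key can be read in full; an empty table means no launch-time redirection or Verifier DLL is registered for any executable.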

I look at it this way. There will always be attacks on anything connected to the internet. If major companies and the federal government can get hacked, I will not lose any sleep over a post like this.
