Malware abuses antivirus software to attack computers

Posted 22 March 2017 19:11 CEST by Jan Willem Aldershoff

Security researchers have found a new type of malware that abuses antivirus software to attack a computer. The new malware was discovered by security researchers from Cybellum, who call their method DoubleAgent. DoubleAgent is able to modify antivirus software by injecting code into it, in such a way that the attacker can take full control over it.

DoubleAgent exploits a 15-year-old vulnerability in the Microsoft Application Verifier, which is available in all Windows versions from XP to Windows 10. The Microsoft Application Verifier is normally used to find bugs in Windows applications.

The security researchers have found a way to use it to hijack software and make it do what they want. By attacking antivirus software with DoubleAgent, an attacker is able to disable it remotely. After the antivirus software is turned off, malware can be installed without the victim noticing it.

Because the hijacked software has access to the computer, it can also provide malware with full privileges. This means antivirus software actually aids in the attack.

According to the researchers, virus scanners from McAfee, Kaspersky, Norton and Avast are vulnerable to the attack. Antivirus company Malwarebytes has already protected its software against the DoubleAgent technique, and Trend Micro plans to release an update soon.

Software vendors can protect themselves against the attack by using ‘Protected Processes’ in their applications. When using this, it’s impossible to execute unsigned code in their applications.
