Malware abuses antivirus software to attack computers

Posted 22 March 2017 19:11 CEST by Jan Willem Aldershoff

Security researchers have found a new type of malware that abuses antivirus software to attack a computer. The new malware was discovered by security researchers from Cybellum, who call their method DoubleAgent. DoubleAgent modifies antivirus software by injecting code into it, in a way that gives the attacker full control over the software.

DoubleAgent exploits a 15-year-old vulnerability in the Microsoft Application Verifier, which is available in all Windows versions from XP to Windows 10. The Microsoft Application Verifier is normally used to find bugs in Windows applications.

The security researchers have found a way to use this tool to hijack software and make it do what they want. By attacking antivirus software with DoubleAgent, an attacker is able to disable it remotely. Once the antivirus software is turned off, malware can be installed without the victim noticing.

Because the hijacked software has access to the computer, it can also provide malware with full privileges. This means the antivirus software actually aids in the attack.

According to the researchers, virus scanners from McAfee, Kaspersky, Norton and Avast are vulnerable to the attack. Antivirus company Malwarebytes has already protected its software against the DoubleAgent technique, and Trend Micro plans to release an update soon.

Software vendors can protect themselves against the attack by using ‘Protected Processes’ in their applications. With this protection in place, it’s impossible to execute unsigned code in their applications.
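
For defenders who want to check a host for this kind of tampering, the following added example (not from the article or from Cybellum) scans a registry export for Application Verifier provider registrations. It assumes the standard registration location, which the article does not spell out: a `VerifierDlls` value and the `0x100` bit of `GlobalFlag` under the per-executable `Image File Execution Options` key. The sample export and the file names in it are constructed.

```python
import re

# Assumption (not in the article): Application Verifier providers are registered
# per executable under "Image File Execution Options" via a VerifierDlls value,
# with bit 0x100 (FLG_APPLICATION_VERIFIER) set in GlobalFlag.
IFEO_SUFFIX = "\\image file execution options"
FLG_APPLICATION_VERIFIER = 0x100

# Constructed sample in .reg export text form; names are placeholders.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"MitigationOptions"=hex(b):00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\example-av.exe]
"GlobalFlag"=dword:00000100
"VerifierDlls"="example_provider.dll"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')

def parse_export(text):
    """Return {key path: {lower-cased value name: raw value text}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if (m := KEY_RE.match(line)):
            current = keys.setdefault(m.group(1), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m.group(1).lower()] = m.group(2)
    return keys

def find_verifier_registrations(text):
    """List executables that have a verifier provider DLL or the verifier flag set."""
    findings = []
    for key, values in parse_export(text).items():
        parent, _, image = key.rpartition("\\")
        if not parent.lower().endswith(IFEO_SUFFIX):
            continue  # not a per-executable IFEO subkey
        dlls = values.get("verifierdlls", "").strip('"').split()
        raw = values.get("globalflag", "")
        flag = int(raw[6:], 16) if raw.startswith("dword:") else 0
        enabled = bool(flag & FLG_APPLICATION_VERIFIER)
        if dlls or enabled:
            findings.append({"image": image, "verifier_dlls": dlls, "flag_set": enabled})
    return findings

if __name__ == "__main__":
    # A real export is UTF-16; read it with open(path, encoding="utf-16").
    for hit in find_verifier_registrations(SAMPLE_EXPORT):
        print(hit)
```

Registrations made by Application Verifier itself are expected on developer machines that use the tool; a registration on a production endpoint, especially for a security product's executable, deserves a closer look.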


