For Windows users, an antivirus software is pretty much the main staple when it comes to software installations. Unless one is very careful at browsing the Internet and opening files sent through emails, one would still need a form of antivirus software. In most cases, an antivirus software can apprehend malicious programs that try and take control of one’s computer. However, a group of security researchers just discovered a 15-year-old vulnerability, dubbed as DoubleAgent, that could turn a state-of-the-art antivirus software into a malware.
According to cyber security research firm Cybellum, DoubleAgent, a zero-day security exploit, has existed within the Windows operating system for 15 years. The bug is presently starting with Windows XP up until the most current Windows 10. This type of bug can mask a malicious code injection towards an antivirus software that turns it into a malware.
The way the bug works is by exploiting a legitimate Windows program called Microsoft Application Verifier. This tool is used by all Windows operating systems to check and see at run-time any bug on programs within the system. The program also has the ability to inject codes into programs without causing alarm to the entire system. This feature can then be exploited by any hacker and use it against the computer’s own antivirus program. Once the hacker has gained access and converted the antivirus software into a malware, the floodgate is now open for more sinister exploits.
According to Cybellum, a hacker can effectively induce denial of service to the user by manipulating the internal behavior of the antivirus software. What is worse, the hacker can also render the entire machine unusable by encrypting or erasing the entire hard drive.
Fortunately, Microsoft has already rolled out a patch that will counter the effects of DoubleAgent. However, not all antivirus makers have used this patch. In fact, the majority of antivirus software providers like ESET, Avast, AVG, Bitdefender, Trendmicro to name a few, have not used the said patch. Even though the patch has been in effect on the Microsoft Windows Defender for more than three years.
At the moment, the only protection is to make sure that the Microsoft Windows Defender is updated at all times. Users can only hope that antivirus makers will implement the patch soon in order to protect users from any malicious hackers online.