Tuesday March 21, 2017

Security Products are No Match for Double Agent

Security researchers at Cybellum have identified a zero-day attack that grants full control over many antivirus solutions on the market today. Born from the ashes of a 15-year-old Microsoft tool, the attack has been named "Double Agent" by Cybellum. Double Agent uses Microsoft's fairly ancient "MS Application Verifier" to infiltrate its victims. In other words, it's like a Facehugger egg in an Easter basket.

For those of you not familiar with the aforementioned tool of verification, allow me to enlighten you. MS Application Verifier is a runtime verification tool that helps developers uncover and fix bugs in their applications. Cybellum discovered that Application Verifier can also be replaced with a customized (weaponized) version of itself. Once Application Verifier has been replaced, the evil version can be injected into an application. This gives the attacking party full control over the victim app. Enough control to turn antivirus into malware.
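
A defender's check for the replaced-verifier technique described above, as an added example that is not part of the original post or of Cybellum's research: it lists every executable that has an Application Verifier provider DLL registered against it. It assumes, as a detail this post does not state, that providers are registered per image in a `VerifierDlls` value under the `Image File Execution Options` registry key; the function name and the sample data are made up for illustration.

```python
# Added example (not from the original post). Assumption: verifier providers are
# registered per image under "Image File Execution Options" (IFEO) in a
# "VerifierDlls" value, and GlobalFlag bit 0x100 turns Application Verifier on.
IFEO = r"\Image File Execution Options" + "\\"
FLG_APPLICATION_VERIFIER = 0x100

# Constructed sample in the layout printed by `reg query <IFEO key> /s`.
# The image and DLL names are made up for illustration.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exampleav.exe
    GlobalFlag    REG_DWORD    0x100
    VerifierDlls    REG_SZ    unexpected_provider.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe
    DisableExceptionChainValidation    REG_DWORD    0x0
"""


def find_verifier_registrations(reg_text):
    """Return one finding per image whose IFEO key has a VerifierDlls value."""
    values_by_image, image = {}, None
    for line in reg_text.splitlines():
        if line.upper().startswith("HKEY_"):
            # Key line: track it only if it is a direct child of the IFEO key.
            _, sep, tail = line.partition(IFEO)
            image = tail.strip().lower() if sep and "\\" not in tail else None
            if image:
                values_by_image.setdefault(image, {})
        elif image and line.startswith("    "):
            # Value line: name, type and data are separated by four spaces.
            parts = line.strip().split("    ", 2)
            if len(parts) == 3:
                values_by_image[image][parts[0].lower()] = parts[2].strip()
    findings = []
    for image, values in values_by_image.items():
        if "verifierdlls" not in values:
            continue
        try:
            flags = int(values.get("globalflag", "0"), 16)
        except ValueError:
            flags = 0  # unparsable GlobalFlag data: report as not enabled
        findings.append({
            "image": image,
            "verifier_dlls": values["verifierdlls"],
            "verifier_enabled": bool(flags & FLG_APPLICATION_VERIFIER),
        })
    return findings


if __name__ == "__main__":
    for finding in find_verifier_registrations(SAMPLE):
        print(finding)
```

Outside a developer workstation, any hit is worth reviewing, and one against a security product's own process most of all.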