A zero-day attack called Double Agent can take over antivirus software on Windows machines and turn it into malware that encrypts files for ransom, exfiltrates data or formats the hard drives.
Based on a 15-year-old feature in Windows from XP through Windows 10, the attack is effective against all 14 antivirus products tested by security vendor Cybellum – and would also be effective against pretty much every other process running on the machines.
Double Agent was discovered by Cybellum researchers and has not been seen in the wild.
“The attack was reported to all the major vendors which approved the vulnerability and are currently working on finding a solution and releasing a patch,” according to a Cybellum blog. All the vendors were notified more than 90 days ago, which is the standard length of time for responsibly disclosing vulnerabilities and giving vendors time to fix them.
In this case two out of 14 antivirus vendors that have been notified have taken steps to deal with the problem – AVG and Malwarebytes, says Slava Bronfman Cybellum’s CEO. The other 12 that have been notified are Avast, Avira, Bitdefender, Trend Micro, Comodo, ESET, F-Secure, Kaspersky, McAfee, Panda, Quick Heal and Norton.
UPDATE: Trend Micro issued this statement: "At this time, we have confirmed that Titanium is the only product affected by this vulnerability, and we do have a patch in the works to be published as an urgent security bulletin later this morning." That bulletin is here.
UPDATE: Kaspersky Lab issued this statement: "Kaspersky Lab would like to thank Cybellum Technologies LTD for discovering and reporting the vulnerability which made a DLL Hijacking attack possible via an undocumented feature of Microsoft Application Verifier. The detection and blocking of this malicious scenario has been added to all Kaspersky Lab products from March 22, 2017."
UPDATE: Comodo Vice President of Worldwide Engineering Egemen Tas wrote a post about this including: "No we are not vulnerable to this AppVerifier injection...For this attack to be successful, [the] malware author should be able to bypass [Comodo Internet Security] protection. CIS by-default allows only whitelisted applications to modify such critical keys. Non-whitelisted applications will be either blocked or sandboxed rendering the attack ineffective."
UPDATE: Norton issued this statement: "After investigating this issue we confirmed that this PoC does not exploit a product vulnerability within Norton Security. It is an attempt to bypass an installed security product and would require physical access to the machine and admin privileges to be successful. We remain committed to protecting our customers and have developed and deployed additional detection and blocking protections to users in the unlikely event they are targeted."
UPDATE: Avast issued this statement: “We were alerted by Cybellum last year through our Bug Bounty program to a potential self-defense bypass exploit. We implemented the fix at the time of reporting and therefore can confirm that both the Avast and AVG 2017 products, launched earlier this year, are not vulnerable. It is important to note that the exploit requires administrator privileges to conduct the attack and once that's the case, there are numerous other ways to cause damage or modify the underlying operating system itself. Therefore, we rate the severity of this issue as "low" and Cybellum’s emphasis on the risk of this exploit to be overstated."
UPDATE: Avira issued this statement: "The DoubleAgent zero-day exploit shows how Microsoft's Application Verifier can be manipulated and theoretically used to inject malware into a compromised system. Application Verifier is used by app developers to identify and fix bugs in their software.
"Research by Avira has confirmed that the core Avira Antivirus Pro processes, those responsible for all detection and protection tasks, cannot be impacted by the DoubleAgent PoC. These processes are protected by a self-protection feature within the app which is not accessible via this PoC. There is limited ability to manipulate some lower-level processes which do not have high privileges or rights.
"Our development team has already reviewed this potential attack vector and is working on a patch to solve this issue. The patch will be released in the next major product update."
Double Agent takes advantage of a quirk of Microsoft Application Verifier, a tool that detects and fixes bugs in native applications. This is performed by something known as a “verifier provider DLL” that gets loaded into the applications at runtime.
Microsoft Application Verifier allows creating new verifier DLLs and registering them with a set of keys for it that get stored in the registry. “Once a DLL has been registered as a verifier provider DLL for a process, it would permanently be injected by the Windows Loader into the process every time the process starts, even after reboots/updates/reinstalls/patches/etc.,” Cybellum says. In other words, the DLL persists.
This vulnerability is actually an undocumented feature of Microsoft Application Verifierl, Bronfman says, so it’s unlikely to be removed anytime soon.
Bronfman says there’s no particular flaw with the antivirus platforms; the DLLs could be inserted into any process. Cybellum chose to attack them because they make an effective attack surface: they are trusted by other applications on the computers, including other security software.
“Antivirus is most important attack we could do,” he says. “If you attack an organization, not just consumer, you can get full control over the organization. No other security examines the antivirus. It will bypass all the huge stack of security products you might have.”
The workaround being used by AVG and Malwarebytes involves patching the antivirus software to look for any process trying to write to the antivirus registry and then block it, he says. “Antivirus is in the kernel with a driver that can see almost everything,” he says.
Meanwhile organizations might try increasing diligence about downloads to stop Double Agent from accessing machines.
Cybellum says that three years ago Microsoft provided a new design concept that antivirus vendors could use that is called Protected Process and is meant specifically to protect antivirus software. Vendors could write their platforms so they are considered protected processes that would only allow trusted, signed code to load on them. So the code would be protected from any code-injection attack, including Double Agent.
Bronfman says executing the attack could be done by someone with the skills of a script kiddie. The attack code can be downloaded directly from a malicious Web site or opening a malicious attachment, he says.