DoublePulsar: The Undetectable Backdoor

Category: Security

While everyone was preoccupied with the Wannacry ransomware epidemic that began in mid-May, a bigger threat was secretly spreading through tens of thousands of computers. It locks up files and demands a ransom, too, but that’s just a smoke screen designed to distract victims from what this sneaky malware is really up to. Here's what you need to know about DoublePulsar…

What is DoublePulsar?

There are lots of movies that deal with the theme of "lab experiment gone wrong." In Jurassic Park, for example, the dinosaurs created by well-meaning scientists escape from the lab and wreak havoc on the outside world. A similar thing has recently happened, but in the digital world this time.

The U.S. government’s premier spy agency created a program called DoublePulsar that enables undetectable infiltration of a target computer. Then someone stole DoublePulsar and a bunch of other NSA spying tools. A hacker group known as the Shadow Brokers posted the NSA tools online, and they were immediately exploited.

Before encrypting an infected computer’s data, this malware scans documents, email, browser histories, and other targets looking for login credentials. With credentials, hackers can infiltrate an entire enterprise network and work all sorts of mischief. Data can be stolen; operations disrupted; and computers turned into slaves to hackers’ other projects.

NSA DoublePulsar hacking tool

For consumers on home networks, being enslaved as part of a botnet is the most serious danger. Some bots are being used to launch spam campaigns. Others are being exploited to “mine” cryptocurrency like Bitcoin, creating wealth for hackers from the computing resources of others.

The galling thing about this malware is that it uses a sophisticated hacking tool developed by the National Security Agency (NSA). DoublePulsar allows malware to enter target systems undetected by 99% of commercial security software. The malware can be injected into the kernel, the heart of an operating system, where the malware will have the highest system privileges.

Are You Protected?

Besides your operating system and Office software, other software on your computer may be vulnerable to attacks. See my article Keeping Software Updated Simply to learn about some free tools that will do the job for you.

Conscientious consumers can protect themselves. Microsoft has issued two sets of Windows patches designed to ward off the stolen NSA hacking tools. But the NSA has not been forthcoming about all of the Windows vulnerabilities it has discovered, prompting Microsoft president Brad Smith to blast the NSA and other government agencies that don’t share knowledge that could improve everyone’s security.

Undetectable malware is on the rise. In mid-June, 2017, a new technique called “fileless malware” was used to infect the point-of-sale systems of several hundred restaurants. This type of malware is never written to a disk; it is injected into RAM and does its dirty work there. Most anti-malware software scans for "signatures" in executable files, and overlooks fileless malware.

In the past, only governments had sophisticated hacking tools like these. But now, Shadow Brokers is offering subscription access to NSA tools, and a user interface called Metasploit that makes child’s play of plotting and executing a global ransomware or credential-stealing attack. Anyone with a few hundred bucks can wreak global havoc.

The biggest fear among security experts is that DoublePulsar and other NSA tools have been used to compromise the computers that run critical infrastructure such as power grids, hospitals, railroad systems, traffic lights, and so on. Lives could be at risk.

The best that consumers can do is keep their systems up to date with security patches. I mentioned earlier that Microsoft has issued Windows patches designed to ward off the stolen NSA hacking tools. Those patches were released back in March. So it was failure to apply security patches in a timely manner that allowed WannaCry and DoublePulsar to attack and spread widely.

If you’re not already configured for automatic Windows updates, you really should be. Here’s how to do it:

In Windows 7, click the Start button and enter “windows update” in the search box. Open Windows Update from the search results list. In the left sidebar, select “change settings.” Under “Important updates,” select “Install automatically” from the drop-down menu. Pick a convenient time for Windows to install updates and restart your PC, if necessary. The default is 3:00 a.m.

Windows 10 installs updates automatically by default. To fine-tune Win 10 updates, enter “windows update settings” in the search box on the taskbar, and click on that phrase in the search results. Next, click the Advanced link, and check the box next to “Use my sign-in…”. This allows Windows 10 to complete the installation of updates that require a restart. When this option is checked, Win 10 will log you out, restart and install updates, then log you back in.

If you use Microsoft products such as Office, check the box that enables updating of those as well as Windows. The rest of the options should be left as they are unless you have a compelling reason to change them.
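To confirm that the setting above actually took, and that the March patches the article refers to are present, here is an added PowerShell check (example code, not from the article): it reads the Automatic Updates setting from the registry, asks Get-HotFix about the one KB number quoted on this page (KB4012598, the XP build, assumed here as a placeholder for your edition's KB), and counts updates still pending through the Windows Update Agent.

```powershell
# Added example (not from the article): audit one Windows PC's update posture.
# Run from an elevated PowerShell prompt on Windows 7 or later.
function Get-UpdatePosture {
    # $KbIds is an assumption: KB4012598 is the only patch number on this page
    # (the XP build); substitute the March 2017 KB for your Windows edition.
    param([string[]]$KbIds = @('KB4012598'))

    # 1. Automatic Updates setting. A Group Policy value, when present, overrides
    #    the local Control Panel setting, so the policy key is read first and wins.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $localKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
    $auOptions = $null; $noAutoUpdate = $null
    foreach ($key in @($policyKey, $localKey)) {
        if (-not (Test-Path $key)) { continue }
        $v = Get-ItemProperty -Path $key
        if ($null -eq $auOptions    -and $null -ne $v.AUOptions)    { $auOptions    = [int]$v.AUOptions }
        if ($null -eq $noAutoUpdate -and $null -ne $v.NoAutoUpdate) { $noAutoUpdate = [int]$v.NoAutoUpdate }
    }
    # AUOptions: 2 = notify before download, 3 = download then notify,
    # 4 = download and install on schedule ("Install automatically").
    # No value at all means the OS default, which on Windows 10 is automatic.
    $disabledByPolicy = ($noAutoUpdate -eq 1)
    $autoInstall = (-not $disabledByPolicy) -and ($null -eq $auOptions -or $auOptions -eq 4)

    # 2. Is each named patch installed? Get-HotFix reads the same history that
    #    "View update history" shows; a KB that is not installed returns nothing.
    $installed = @{}
    foreach ($kb in $KbIds) {
        $installed[$kb] = [bool](Get-HotFix -Id $kb -ErrorAction SilentlyContinue)
    }

    # 3. Updates still waiting, via the Windows Update Agent COM API that the
    #    Control Panel itself uses. -1 means the search could not run.
    $pending = -1
    try {
        $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
        $pending  = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0").Updates.Count
    } catch { Write-Warning "Windows Update search failed: $_" }

    [pscustomobject]@{
        AutoInstallEnabled = $autoInstall
        AUOptions          = $auOptions
        DisabledByPolicy   = $disabledByPolicy
        InstalledPatches   = $installed
        PendingUpdates     = $pending
    }
}

Get-UpdatePosture | Format-List
```

A result with AutoInstallEnabled false, a named patch false, or a large PendingUpdates count is exactly the unpatched state the article blames for WannaCry's spread.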

This article was posted by on 28 Jun 2017


Most recent comments on "DoublePulsar: The Undetectable Backdoor"


Posted by:

MmeMoxie
28 Jun 2017

Thank you, Bob!!! It is vital that we know what to do when bad, bad, bad programs get out to hurt a country, businesses, and individuals.

This does NOT sound good at all!!! Yes, our individual PCs, Laptops, and other computerized devices very easily could be compromised. I worry the most about Businesses, Hospitals, Libraries, Infrastructures like the Electric Grid and so on, Government Top Secrets, especially those that involve more Cyber secrets and so on!!!

Now, those who get your newsletter are aware and will do something about it. What about our Top Level Government Cyber-Units??? They don't tend to do what is really needed to be done to protect their files and information. Neither do Businesses or Hospitals.

Look at all the hospitals that have been infected with Ransomware??? They literally are the worst in cyber-protection.

Again - Thank you, Bob - For the warning and what to do about it. This fan always appreciates what you do for your followers and anyone who wants to learn and to recognize a problem.


Posted by:

Lou Damelin
28 Jun 2017

A comment for you Bob.

Rather than just mention Microsoft has updates it would be helpful if you provided a link or links to the updates. Especially for those still using XP.
The updates for XP are on the Microsoft website but they have to be manually downloaded. They are not available for XP through the Windows Update procedure.


Posted by:

CtPaul
28 Jun 2017

My last PC was destroyed when Microsoft shoved Windows 10 - disguised as an "automatic update" onto everyone's machine.

I will NEVER allow them the chance to do that again. There are still ongoing lawsuits from individuals and businesses against Microsoft for that irresponsible action.

I screen every update now before it is installed on my pc.


Posted by:

Harold Muxlow
28 Jun 2017

Perhaps it is time for our congress to impose some stiff penalties on these hacker scammers? They seem to have a law for everything else. When a ransomware creep asks for a credit card to pay their ransom, you cannot tell me they cannot be found.


Posted by:

Sharon H
28 Jun 2017

Thank you, Bob, for keeping us up-to-date with this ultra important news.

The punishment for anyone involved with ransomware should be 25 years to life. No physical organization could ever rob people of so much.


Posted by:

TimW
28 Jun 2017

@CtPaul- yes, that's a good move. Do NOT trust automatic updates. Several Windows 7 important updates are KNOWN detriments to the system. People should really take the time to review ALL updates before installation. But that's not the world we live in- everything's instant gratification nowadays. NEVER, EVER TRUST M$!!!...RESEARCH!!!


Posted by:

Kenneth Heikkila
28 Jun 2017

I'm surprised only two replies of people who "know better" than MS. Are their updates perfect? Of course not, but I personally would rather risk a bad update (I have had only one or two in over 20 years and none serious) than allow hackers access to an unprotected system. I do receive Susan Bradley's Windows Secrets recommendations for update installation, but really don't delay any other than the original update to Win 10. The Creator's update was never pushed to my system until it was ready- the installation "tried" a few times, but never succeeded until it was ready for prime time.


Posted by:

JPHUF
28 Jun 2017

As I know, recently & in recent years, just about every entity has been hacked in part or as a whole or in some way: anti-virus software makers like Kaspersky & others, government agencies like the NSA, Pentagon, states, cities etc; consumers like Target, restaurant chains, etc; Yahoo, the list is quite extensive.
It seems the safest, one that has not been hacked, is a private server that a person I know was using for years. Wish I knew the name of that server.


Posted by:

Jillian S
28 Jun 2017

To CtPaul and Tim W: I have automatic updates, and I don't recall Windows 10 being automatically installed... just lots of suggestions that I do so. Am I misremembering? Also, I don't see how looking at each update before allowing it would be of use, as I probably would not know what I was looking at! I just now checked, using Bob's instructions, and I see that the last updates were installed June 13th.


Posted by:

Ken
28 Jun 2017

My Win 10 pc gets corrupted EVERY TIME Microsoft sends out new updates... I mean it corrupts a lot of my software and messes up my Magic Jack software until I re-install it again. There is a way to control when the updates get downloaded, (MS is soooo overbearing!!!!) but I have not yet discovered it. In the meantime I dread MS updates.
(Can you help with this, Bob??)


Posted by:

bobdeloyd
28 Jun 2017

I'd put a link in but I don't know if Bob would like it...
Just Google Microsoft updates for XP

Security Update for Windows XP SP3 (KB4012598)

Version:
4012598
File Name:
WindowsXP-KB4012598-x86-Custom-ENU.exe
Date Published:
5/15/2017
File Size:
666 KB


Posted by:

CtPaul
28 Jun 2017

https://answers.microsoft.com/en-us/windows/forum/windows_10-hardware/upgrade-10-class-action-lawsuit/cd4bfca3-e297-479a-a7fd-94bdf765dcc9

Dear Kenneth Heikkila: Maybe you should go to the Microsoft Forum website, and read a few of these thousands of complaints!


Upgrade 10 Class Action LawSuit

LisaCapaci started on August 14, 2015:

Is there an attorney or firm interested in pursuing a class action suit? There are thousands of computers that have been rendered useless after being upgraded to Windows 10 through "automatic updates" and left with 1. no sound, 2. no operating screen time 3. no access (password issues) 3. memory issues 4. lost files 5. unauthorized access by Microsoft.

CraigPyron replied on September 10, 2015:

windows 10 bricked both my laptop and desktop. i'm ready for the class action lawsuit.

LilBro replied on September 10, 2015:

In my opinion, you may be able to do not only a civil action but also a possible criminal action under theft of services, vandalism, etc. I doubt you'll find any takers here, but if you check around on Google there may be some who've led actions in the past. Perhaps even the EFF?


Posted by:

Karena
28 Jun 2017

MS sometimes makes things so difficult! I have a metered internet connection, so I don't allow automatic updates - I need to manually download my updates during my "free" midnight-to-5am time frame. Why can't MS just have a "download now" button so I can just get them when I want - instead, I have to download them from a third-party and manually install them. Efficient. And, until I figured this out, I went for months with no updates, because I couldn't figure out how to get them. Safe. Thanks MS.


Posted by:

Denis
28 Jun 2017

Strange how the Comments have morphed from the topic of the article into a forum for slagging MS and its updates. I don't know how the bitcoin system is controlled but it's got to be controlled from somewhere so it should be possible to shut down the Ransomware recipients' accounts pretty quickly so as to make it no longer profitable for the excrement who perpetrate such malware, and it should also be possible to track the movement of the bitcoins and identify them. Then nail them! Floor, ceiling, wall or door, your choice.


Posted by:

Karena
29 Jun 2017

Denis - half the article is about how "Conscientious [MS] consumers can protect themselves" with Windows updates - it is relevant to the conversation that MS doesn't always make updating easy, or even possible. And part of the whole deal with bitcoins is that it is *not* centralized, and yes - if users are cautious, transactions can be anonymous: https://www.wired.com/2012/05/fbi-fears-bitcoin/.


Posted by:

Chris
30 Jun 2017

After XP I upgraded to Linux and have had little trouble with any of my computers but also little info from you. Is this because there is nothing to complain about or are you just catering to MS?


Posted by:

Geoff Greig
01 Jul 2017

As far as I am aware the only way of knowing if any software is secure is to use free open source software that has been created by free open source software (languages compilers etc), as it can be scrutinised.

The inverse of this, proprietary software, cannot be scrutinised, as its program code is re-coded (linked and compiled, so usually only readable by a computer) and is protected by laws, so you have no idea what that software could be capable of doing.


Posted by:

ardj
01 Jul 2017

Thanks to Mr Rankin for this (and all his other help), and to the other readers who have written in.
Yes, the world is unsafe - the best most of us dummies can do is make it a little safer: backups, good AV (+ Malwarebytes and maybe HitmanPro), a safe browser, and discipline about what you click on.
Having been bitten by MS updates, I now only take security updates for W7: anyone who wants to do this will find the clearest instructions at https://www.askwoody.com/forums/topic/how-to-get-windows-7-up-to-date-and-keep-it-that-way/


Posted by:

Mike
06 Jul 2017

I wonder if DP is detectable by AV software that uses whitelisting as the main detection technique. Hmm...


Posted by:

SamG
14 Jul 2017

Thanks Ardj, bobdeloyd, Kenneth Heikkila, and Bob R. for your info. So if the backdoor is exploited before the password file is accessed, all hope is lost? Too late to move file and encrypt it.


Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- DoublePulsar: The Undetectable Backdoor (Posted: 28 Jun 2017)
Source: http://askbobrankin.com/doublepulsar_the_undetectable_backdoor.html