DoublePulsar: The Undetectable Backdoor
While everyone was preoccupied with the Wannacry ransomware epidemic that began in mid-May, a bigger threat was secretly spreading through tens of thousands of computers. It locks up files and demands a ransom, too, but that’s just a smoke screen designed to distract victims from what this sneaky malware is really up to. Here's what you need to know about DoublePulsar…
What is DoublePulsar?
There are lots of movies that deal with the theme of "lab experiment gone wrong." In Jurassic Park, for example, the dinosaurs created by well-meaning scientists escape from the lab and wreak havoc on the outside world. A similar thing has recently happened, but in the digital world this time.
The U.S. government’s premier spy agency created a program called DoublePulsar that enables undetectable infiltration of a target computer. Then someone stole DoublePulsar and a bunch of other NSA spying tools. A hacker group known as the Shadow Brokers posted the NSA tools online, and they were immediately exploited.
Before encrypting an infected computer’s data, this malware scans documents, email, browser histories, and other targets looking for login credentials. With credentials, hackers can infiltrate an entire enterprise network and work all sorts of mischief. Data can be stolen; operations disrupted; and computers turned into slaves to hackers’ other projects.
For consumers on home networks, being enslaved as part of a botnet is the most serious danger. Some bots are being used to launch spam campaigns. Others are being exploited to “mine” cryptocurrency like Bitcoin, creating wealth for hackers from the computing resources of others.
The galling thing about this malware is that it uses a sophisticated hacking tool developed by the National Security Agency (NSA). DoublePulsar allows malware to enter target systems undetected by 99% of commercial security software. The malware can be injected into the kernel, the heart of an operating system, where the malware will have the highest system privileges.
Are You Protected?
Conscientious consumers can protect themselves. Microsoft has issued two sets of Windows patches designed to ward off the stolen NSA hacking tools. But the NSA has not been forthcoming about all of the Windows vulnerabilities it has discovered, prompting Microsoft president Brad Smith to blast the NSA and other government agencies that don’t share knowledge that could improve everyone’s security.
Undetectable malware is on the rise. In mid-June, 2017, a new technique called “fileless malware” was used to infect the point-of-sale systems of several hundred restaurants. This type of malware is never written to a disk; it is injected into RAM and does its dirty work there. Most anti-malware software scans for "signatures" in executable files, and overlooks fileless malware.
In the past, only governments had sophisticated hacking tools like these. But now, Shadow Brokers is offering subscription access to NSA tools, and a user interface called Metasploit that makes child’s play of plotting and executing a global ransomware or credential-stealing attack. Anyone with a few hundred bucks can wreak global havoc.
The biggest fear among security experts is that DoublePulsar and other NSA tools have been used to compromise the computers that run critical infrastructure such as power grids, hospitals, railroad systems, traffic lights, and so on. Lives could be at risk.
The best that consumers can do is keep their systems up to date with security patches. I mentioned earlier that Microsoft has issued Windows patches designed to ward off the stolen NSA hacking tools. Those patches were released back in March. So it was failure to apply security patches in a timely manner that allowed WannaCry and DoublePulsar to attack and spread widely.
If you’re not already configured for automatic Windows updates, you really should be. Here’s how to do it:
In Windows 7, click the Start button and enter “windows update” in the search box. Open Windows Update from the search results list. In the left sidebar, select “change settings.” Under “Important updates,” select “Install automatically” from the drop-down menu. Pick a convenient time for Windows to install updates and restart your PC, if necessary. The default is 3:00 a.m.
Windows 10 installs updates automatically by default. To fine-tune Win 10 updates, enter “windows update settings” in the search box on the taskbar, and click on that phrase in the search results. Next, click the Advanced link, and check the box next to “Use my sign-in…". This allows Windows 10 to complete the installation of updates that require a restart. When this option is checked, Win 10 will log you out, restart and install updates, then log you back in.
If you use Microsoft products such as Office, check the box that enables updating of those as well as Windows. The rest of the options should be left as they are unless you have a compelling reason to change them.
This article was posted by Bob Rankin on 28 Jun 2017
|For Fun: Buy Bob a Snickers.|
Need Robocall Relief? Here's How to Fight Back
The Top Twenty
Geekly Update - 29 Jun 2017
There's more reader feedback... See all 21 comments for this article.
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005
- Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- DoublePulsar: The Undetectable Backdoor (Posted: 28 Jun 2017)
Copyright © 2005 - Bob Rankin - All Rights Reserved