Best Security Search
Trojans

Thousands of Microsoft Windows PCs Infected With DOUBLEPULSAR Backdoor

Thousands of Microsoft Windows users have been infected with the DOUBLEPULSAR backdoor as a result of a Shadow Brokers tool release.

Microsoft Windows Plagued With The DOUBLEPULSAR Backdoor

The infamous Shadow Brokers hackers collective released last week a set of criminal tools that allegedly have been used by the NSA. According to the malicious users they have been stolen from the institution which has developed it for spying purposes. The leaked data contains exploits for all major versions of the operating system since Windows XP which include some iterations of Windows Server. As a response to user concerns and media reports Microsoft stated that their security updates have amended the published vulnerabilities. The problem is that most of the computer users do not frequently update their installations. As a result thousands of Microsoft Windows users have been successfully exploited by dangerous malware.

The issue in question is tracked in a critical advisory released by Microsoft identified in MS17-010. Its title reads “Security Update for Microsoft Windows SMB Server” and its summary showcases a remote code execution incident triggered by crafted packets to a Microsoft SMB server.

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

Insight into the DOUBLEPULSAR Backdoor And Microsoft Windows

The main exploit leads to an infection with a dangerous malware known as the DOUBLEPULSAR backdoor. The backdoor provides the attackers with three options:

  1. Data Harvesting – The hackers can use the backdoor to steal sensitive user data or system information from the compromised machines.

  2. Remote Commands Execution – The module is able to execute remote commands supplied by the hackers.

  3. Arbitrary Code Execution – The criminals can execute arbitrary code which may lead to further malware deployment.

The hackers use the SMB protocol as means of communication which is highly unusual. The malware engine has been found to send a beacon packet which performs an infection check before the DOUBLEPULSAR backdoor is deployed. According to the available statistics the majority of the infected systems are located in the United States. As the rate of infection increases so does the possibility of creating a worldwide attack campaign.

The Risk Of Infection With DOUBLEPULSAR Backdoor is Increasing

The issue with the DOUBLEPULSAR backdoor is that its part of a large collection of hacking tools. In this particular case the malicious code has been released alongside other attack frameworks. During the infection process the attackers first need to deploy their penetration testing framework and craft the necessary packets to break through the security mechanisms of the vulnerable SMB services. The released hacking tool came with an extensive modular utility which is able to be configured against predefined targets. This means that the criminal operators in possession with it can use the framework to execute other campaigns as well. The DOUBLEPULSAR backdoor is merely only one of the available options.

The parameters that can be customized by the attackers are the following: Target IP, Target Port, Callback IP, Confirm target OS, Number of exploit attempts, Target exploitability, Define Delivery Type and Remote IP/Port forwarding. Once the necessary instructions are supplied to the criminals the attack is initiated in an automated way. If the intrusion is successful the compromised host automatically reports the incident to the hackers.

As always we highly recommend that all users use a quality anti-malware solution to protect themselves from possible intrusion attempts, as well as to remove active infections with a few mouse clicks.

SpyHunter anti-malware tool will diagnose all current threats on the computer. By purchasing the full version, you will be able to remove all malware threats instantly. Additional information about SpyHunter / Help to uninstall SpyHunter

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.