DoubleAgent: Zero-Day Code Injection and Persistence Technique

  • 22 March 2017
  • 8 replies
  • 43 views

Hi,
 
I just read this article on the Cybellum website:
 
http://cybellum.com/doubleagentzero-day-code-injection-and-persistence-technique/
 
Many different Anti malware vendors were named and I was wondering, as a webroot user, if Webroot is also affected?


Userlevel 7
Badge +56
Hello and Welcome to the Webroot Community!
 
I doubt that WSA is affected but I will ping a few to see what Webroot has to say! @ @ @ @ @ @ @
 
My reasoning is this:
 
"If you snap a screenshot of our product and save it as a bitmap, the screenshot will be bigger than the product itself," Jaroch said. Morris added that this minuscule local client leaves little "surface area" exposed to attack by malware.
 
Thanks,
 
Daniel 😉
Userlevel 7
Badge +48
Hi @ and welcome to the Webroot Community. 
 
Thanks for bringing this site to our attention. I'll ask the product team about it and be back with an update shortly. 
 
Thanks again.
Userlevel 6
Badge +16
https://www.bleepingcomputer.com/news/security/new-attack-uses-microsofts-application-verifier-to-hijack-antivirus-software/
 
I'm not seeing Webroot in that list, so I assume it's not affected by this issue.
 
As per the article:

"Several antivirus makers affected"
 
Cybellum researchers say that most of today's security products are susceptible to DoubleAgent attacks. The list of affected products includes:
  • Avast (CVE-2017-5567)
  • AVG (CVE-2017-5566)
  • Avira (CVE-2017-6417)
  • Bitdefender (CVE-2017-6186)
  • Trend Micro (CVE-2017-5565)
  • Comodo
  • ESET
  • F-Secure
  • Kaspersky
  • Malwarebytes
  • McAfee
  • Panda
  • Quick Heal
  • Norton
"We have reported [DoubleAgent to] all the vendors more than 90 days ago, and worked with [a] few of them since," Michael Engstler, Cybellum CTO, told Bleeping Computer in an email.
Userlevel 7
As freydrew stated in his post...he is checking with the Development Team and will get back to us as soon as he has an update. ;)
Userlevel 7
Badge +56
Any update @ ?
Userlevel 7
Badge +48
Hey @. We are still working on it now and will post an update soon. Thanks for being so patient. 
Userlevel 6
Badge +20
Thank you for inquiring about this! I had emailed support yesterday and they pointed me to this post. I look forward to hearing from the devs.
 
I had originally asked if Webroot was affected by DoubleAgent; if it was I asked what was being done, and if it's not affected, why is that?
Userlevel 7
Badge +48
We have analyzed the DoubleAgent vulnerability, and understand its potential impact to customers. We have protection in place that prevents modifications to key areas of agent deployment; hijacking and modifying the standard verifier is how an attacker would take control of an app using this exploit. We continuously tune and enhance our self-protection technologies based on our deep threat research, engineering analysis and review of public disclosures.
 
The DoubleAgent vulnerability does draw attention to the risks of having logged-in users with local Administrative privileges. We strongly encourage customers to heavily restrict administrative access on devices, and monitor those processes closely.
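A defender-side check that follows from the reply above, added here as an example and not part of the thread or of Webroot's product: Application Verifier is enabled per executable through the Image File Execution Options (IFEO) registry key, where the VerifierDlls value names the provider DLLs to load and bit 0x100 of GlobalFlag turns the verifier on. The script below only reads those keys and lists every image that has a verifier DLL registered, so an administrator can review entries they did not create, in particular any naming a security product's executable. It assumes it is run from an elevated PowerShell session on the machine being reviewed; it modifies nothing.

```powershell
# Added example (not from the thread or from Webroot): list IFEO entries that register
# Application Verifier provider DLLs. Read-only; intended for review by an administrator.

# IFEO root. On 64-bit Windows this key is shared between 32- and 64-bit views,
# so one root is enough.
$ifeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Get-VerifierRegistrations {
    param([string]$Root = $ifeoRoot)

    if (-not (Test-Path -Path $Root)) { return }

    Get-ChildItem -Path $Root -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        $dlls  = $props.VerifierDlls
        $flags = $props.GlobalFlag

        # Only images with a verifier DLL registered are interesting here.
        if ($dlls) {
            # GlobalFlag may be stored as REG_DWORD or as a hex string such as "0x100";
            # [int] handles both forms. FLG_APPLICATION_VERIFIER is bit 0x100.
            $verifierOn = $false
            if ($null -ne $flags) {
                $verifierOn = (([int]$flags) -band 0x100) -ne 0
            }

            [pscustomobject]@{
                Image        = $_.PSChildName   # executable name the entry applies to
                VerifierDlls = $dlls            # DLL(s) the verifier would load into it
                GlobalFlag   = $flags
                VerifierOn   = $verifierOn
                Key          = $_.Name
            }
        }
    }
}

# Print the findings. An empty result means no verifier DLLs are registered under IFEO.
Get-VerifierRegistrations | Format-Table -AutoSize
```

Because writing these values requires local administrator rights, the output complements the advice in the reply: restricting administrative access limits who can create such entries, and monitoring changes under the IFEO key (for example with registry auditing or a Sysmon registry-event rule scoped to that key) gives early notice when one appears.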
