Emsisoft with update 2017.6 protects against DoublePulsar backdoors

Emsisoft has released version 2017.6 of its products. The update improves detection of the DoublePulsar exploit set and adds more advanced e-mail notifications.

The attacks using the WannaCry ransomware relied on two tools developed by the US agency NSA, EternalBlue and DoublePulsar, to break into systems. These attacks infected over 200,000 Windows computers in 150 countries in a few days.

EternalBlue is used in the first phase of the attack - it exploits a vulnerability in the Microsoft Server Message Block 1.0 protocol (SMBv1) that allows remote execution of attacker-supplied code on the victim's computer. This is how the DoublePulsar backdoor, also from the NSA package, gets installed. DoublePulsar is a backdoor that functions as a malware downloader. It allows attackers to remotely load and run malware on the victim machine without the victim's knowledge.

Although the fever around the WannaCry attacks subsided 6 weeks ago, we still observe the effects of this malware. A few days ago, 55 traffic monitoring cameras in the city of Victoria, Australia, were hit by the fallout from WannaCry. We will continue to observe such cases until the vulnerable systems are finally updated and the role of botnets in scanning the network for these vulnerabilities decreases.

DoublePulsar protection

To minimize the impact of such attacks, Emsisoft has improved its behavior-based advanced threat blocking module. The changes have been made to all Emsisoft products.

We can recommend to readers a review of Emsisoft's business solutions and their home counterpart - Emsisoft Internet Security.

After detecting an exploit, the so-called behavioral blocker terminates all processes that try to use it, and then displays a notification:

Exploit detection message.

Other changes

For people who manage computers remotely, a more detailed configuration of e-mail notifications has been added:

More detailed options in the configuration were introduced at the request of users.

In addition to the above, the manufacturer has made several other changes:

  • The ability to run an automatic, scheduled scan when no user is logged on to the computer has been added.
  • Support for applications from the Windows Store has been improved.
  • The stability of business products has been improved, including the update service, problems connecting with the client, and problems with reporting.

Emsisoft programs can be tried for free by downloading 30-day full versions from the manufacturer's website: emsisoft.com


We use the Google Cloud Translation and Gengo APIs to translate articles, with the exception of our comparative tests.