Emsisoft with update 2017.6 protects against DoublePulsar backdoors
Emsisoft has released version 2017.6 of its products. The update improves detection of the DoublePulsar exploit set and adds advanced e-mail notifications.
In the WannaCry ransomware attacks, two tools developed by the US agency NSA, EternalBlue and DoublePulsar, were used to break into systems. They infected over 200,000 Windows computers in 150 countries in a few days.
EternalBlue is used in the first phase of the attack: it exploits a vulnerability in the Microsoft Server Message Block 1.0 protocol (SMBv1) that allows remote execution of supplied code on the victim's computer. In this way the DoublePulsar backdoor, also from the NSA package, is installed. DoublePulsar is a backdoor and functions as a malware downloader. It allows attackers to remotely load and run malware on the victim machine without the victim's knowledge.
Although the fever after the WannaCry attacks subsided 6 weeks ago, we still observe the effects of this pest. A few days ago, 55 traffic monitoring cameras in the city of Victoria, Australia, were hit by the fallout from WannaCry. We will continue to observe such cases until vulnerable systems are finally updated and the role of botnets in scanning networks for these vulnerabilities decreases.
To minimize the impact of such attacks, Emsisoft has improved its advanced behavior-based threat blocking module. The changes have been made to all Emsisoft products.
The so-called behavioral blocker, after detecting an exploit, will disable all processes that try to use it and then display a notification.
For people who manage computers remotely, a more detailed configuration of e-mail notifications has been developed.
In addition to the above, the manufacturer has made several other changes:
- The ability to run an automatic, scheduled scan when the user is not logged on to the computer has been added.
- Support for applications from the Windows Store has been improved.
- The stability of business products has been improved, including the update service, problems connecting to the client, and problems with reporting.
Emsisoft brand programs can be tried for free by downloading 30-day full versions from the manufacturer's website: emsisoft.com