We recently reported on a Windows programming error that can be exploited to prevent security and antivirus software from detecting malware. Microsoft stated that its engineers have reviewed the information and determined that this does not pose a security threat and they do not plan to address it with a security patch.
However, there’s another newly discovered flaw that can likewise allow malware to bypass all the leading antivirus and security software in Windows 10. And it is scarier, too, since it can potentially affect all 400 million computers running Windows 10 worldwide.
What is Bashware?
Security researchers at Check Point discovered a Windows 10 vulnerability, named Bashware, that can allow malware to bypass software security products including the newest antivirus, anti-malware and anti-ransomware software.
Gal Elbaz and Dvir Atlas, the researchers credited with the discovery, said that the attack technique exploits the newly added Linux Shell support for Windows 10.
Windows Subsystem for Linux (WSL) was integrated by Microsoft in Windows 10 to allow developers to test code for both Windows and Linux on the same machine. It is a way to translate Linux shell Bash commands to commands that Windows can understand, processing them within the Windows 10 kernel itself.
Security software can’t detect Bashware
Attackers can then take advantage of this new WSL mechanism to evade security tools. The researchers state that they have tested the technique with most of the market-leading security products and malware successfully bypassed them all.
Currently, WSL requires Windows 10 users to manually activate it, but the researchers warn that the Bashware method can automate the steps required to enable WSL to run malware.
Bashware doesn’t even require hackers to write malware meant for Linux and have WSL port it over to Windows. They can have Bashware install Wine (a Windows emulator for Linux) instead.
How to protect yourself against Bashware
The Check Point researchers said that hackers still need administrator privileges to mount a Bashware attack on a Windows computer.
Hackers usually use malicious links, attachments and phishing attacks to exploit Windows flaws and run remote code that can grant them administrator rights.
To prevent this from happening to you, it is important that you don’t open email attachments from unknown sources or click links in suspicious emails.
It is also vital that you download and install Windows security updates as soon as you can. Keeping your Windows machine updated prevents attackers from exploiting Windows bugs.
Thankfully, although the Check Point researchers did not list which security products are affected, Microsoft stated that they are already helping security software vendors deal with these kinds of attacks. Keep an eye out for updates for your antivirus software too and apply them as soon as you can.
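Since the technique depends on WSL being switched on and on administrator rights, you can also check both on your own machine. The PowerShell script below is an added example, not code from this article or from Check Point. It assumes Windows 10 with PowerShell 5.1 run as administrator, the optional-feature name `Microsoft-Windows-Subsystem-Linux`, and the per-user `Lxss` registry key where WSL records installed Linux environments.

```powershell
#Requires -RunAsAdministrator
# Added example: report whether WSL is enabled and who holds local admin rights.

function Get-WslExposure {
    [CmdletBinding()]
    param()

    # Windows 10 optional feature that backs WSL.
    $featureName = 'Microsoft-Windows-Subsystem-Linux'
    $feature = Get-WindowsOptionalFeature -Online -FeatureName $featureName -ErrorAction Stop
    $state   = [string]$feature.State   # Enabled, Disabled, EnablePending, ...

    # Linux environments registered for the account running this script.
    # Assumption: a missing key means none are registered for this user.
    $lxssKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Lxss'
    $distros = @()
    if (Test-Path $lxssKey) {
        $distros = @(Get-ChildItem $lxssKey |
            ForEach-Object { (Get-ItemProperty $_.PSPath).DistributionName } |
            Where-Object { $_ })
    }

    # Members of the built-in Administrators group (well-known SID, so this
    # also works on non-English installs).
    $admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty Name)

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        WslFeatureState   = $state
        # EnablePending means the feature turns on at the next reboot.
        WslActiveOrQueued = $state -in 'Enabled', 'EnablePending'
        RegisteredDistros = $distros
        LocalAdmins       = $admins
    }
}

$report = Get-WslExposure
$report | Format-List

if ($report.WslActiveOrQueued) {
    Write-Warning 'WSL is enabled or queued to be enabled. If you did not turn it on, investigate.'
    Write-Warning 'To turn it off: Disable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux -NoRestart'
}
```

If you do not use WSL, the feature state should read `Disabled`; a state you did not set yourself, or unexpected names in the administrators list, is worth a closer look.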