‘Bashware’ could enable anti-virus and anti-ransomware to be completely bypassed on Windows 10 PCs, warns Check Point
September 2017 by Check Point
Check Point security researchers have found a new and alarming method that could allow any known malware to bypass security solutions such as next-generation anti-virus products, inspection tools, and anti-ransomware.
This technique, called ‘Bashware’, leverages a new Windows 10 feature called Windows Subsystem for Linux (WSL), which recently came out of beta and is now a fully supported Windows feature. WSL makes the popular ‘bash’ terminal available to Windows users and lets them run Linux executables natively on the Windows operating system.
However, existing security solutions have not yet been adapted to monitor the processes of Linux executables running on Windows, a hybrid concept in which Linux and Windows systems run at the same time.
This may open a door for cyber criminals wishing to run their malicious code undetected, and allow them to use the features provided by Windows Subsystem for Linux to hide from security products that have not yet integrated the proper detection mechanisms.
Bashware is alarming, Check Point says, because it shows how easy it is to take advantage of the WSL mechanism to allow any malware to bypass security products. Check Point researchers tested this technique on most of the leading anti-virus and security products on the market, successfully bypassing them all. This means that Bashware may potentially affect any of the 400 million PCs running Windows 10 globally.
Check Point is calling on the security industry to take immediate action and to modify their security solutions to protect against this new method.