Starbuck (ExTS Admin), posted August 28, 2010

'New era,' says researcher of rootkit that bypasses 64-bit kernel defenses by infecting hard drive's boot record.

A new version of the malware that crippled Windows PCs last February sidesteps safeguards designed to block rootkits from hijacking machines running 64-bit editions of Windows, researchers said Thursday.

"A new era has officially dawned; the era of x64 rootkits," said Prevx researcher Marco Giuliani in a post to the company's blog yesterday.

The updated rootkit, which goes by names including Alureon, TDL and Tidserv, is able to infect 64-bit Windows PCs. "TDL3 can be considered as the first x64-compatible kernel mode rootkit infection in the wild," Giuliani said.

Both Prevx and Symantec have found evidence that hackers are actively using the rootkit. "The infection is spreading on the Web, by using both porn Web sites and exploit kits," said Giuliani, who added that U.K.-based Prevx had first spotted the new rootkit more than a week ago. Symantec's first sighting was Wednesday.

A previous version of the rootkit caused serious problems earlier this year after a Microsoft security update crashed 32-bit Windows machines.

The new rootkit sidesteps two important anti-rootkit protections Microsoft built into 64-bit Windows, Kernel Mode Code Signing and Kernel Patch Protection, also known as PatchGuard. The pair are designed to make it more difficult for malware to tamper with the operating system's kernel.

"To bypass Kernel Patch Protection and driver signature verification, the rootkit is patching the hard drive's master boot record so that it can intercept Windows' startup routines, own it, and load its driver," Giuliani said.

Source: Rootkit with Blue Screen history now targets 64-bit Windows
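Because the rootkit described above lives in the master boot record rather than in a signed driver, a defender's first check is whether the MBR boot code still matches a baseline taken from a known-clean machine. The following is an added example, not code from the article, Prevx or any poster; the sample MBR bytes, the baseline hash and the "patched" variant are all constructed here, not taken from a real disk.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0..439: bootstrap code, the region a bootkit patches
DISK_SIG_OFF = 440            # 4-byte Windows disk signature
PART_TABLE_OFF = 446          # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511

def parse_mbr(mbr: bytes) -> dict:
    """Split a raw 512-byte MBR into its fields and parse the partition table."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # entry layout: status, CHS start (3), type, CHS end (3), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype != 0:  # type 0 means an unused slot
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "partitions": parts,
    }

def check_mbr_against_baseline(mbr: bytes, baseline_boot_code_sha256: str) -> dict:
    """Flag the MBR if its boot code no longer matches the hash recorded on a clean system."""
    info = parse_mbr(mbr)
    info["boot_code_modified"] = info["boot_code_sha256"] != baseline_boot_code_sha256
    return info

def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample MBR (not a real disk image): given boot code plus one NTFS partition."""
    mbr = bytearray(MBR_SIZE)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<I", mbr, DISK_SIG_OFF, 0x1234ABCD)
    struct.pack_into("<B3xB3xII", mbr, PART_TABLE_OFF, 0x80, 0x07, 2048, 204800)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)

# Constructed inputs: a "known-good" boot code and a copy whose first instructions were altered.
CLEAN_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * 20)
PATCHED_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0" + b"\xe9\x00\x01" + b"\x90" * 17)
BASELINE = parse_mbr(CLEAN_MBR)["boot_code_sha256"]   # would be recorded before any infection

if __name__ == "__main__":
    print(check_mbr_against_baseline(PATCHED_MBR, BASELINE))
```

On a live Windows machine you would feed the first 512 bytes of the physical drive (opened as \\.\PhysicalDrive0 with administrator rights) to check_mbr_against_baseline; the baseline hash must come from a trusted record, since the check is only as good as the sample it compares against.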
Plastic Nev, posted August 30, 2010

An interesting page from Microsoft about this, here: Alureon Evolves to 64 Bit - Microsoft Malware Protection Center - Site Home - TechNet Blogs

You can see from that article that you can at least find out if you have been caught out with it, and therefore do something about it. It would seem they do at least have a handle on it, and Microsoft Security Essentials can remove it.

Nev.
wellies, posted August 31, 2010

I went to the forum of my own AV program to see if it could deal with this rootkit/bootkit. It can, according to enquiries made. It might be worth checking if the AV program of anyone's choice is capable of dealing with it. I'm also told that Hitman Pro 3.5.6 beta build 112 has added protection against it.

I know it's a bold statement, but I feel fairly confident that nothing will get onto the computer that could install the rootkit. If I'm right, it won't need detecting anyway. I sometimes think that once malware has actually made it onto the computer and is in need of detection/removal, the protections may have partly failed already.
Plastic Nev, posted September 4, 2010

Remember though that clicking on and admitting a download will bypass all security in a lot of cases. However, certain browser download managers can screen the download with your anti-virus before it goes to your downloaded-files storage, providing you use one. Firefox can be set up to do this, as can some others.

Nev.