The Wayne ([personal profile] thewayne) wrote 2010-09-13 06:56 pm

64-bit Windows can now be infected with root kits!

My boss sends out interesting bits of tid occasionally, this is one such:

--Rootkit Infects 64-bit Windows
(August 26, 27 & 30, 2010)
Researchers have detected a variant of the TDL3 rootkit that is capable of infecting 64-bit Windows installations. TDL3, also known as Alureon, was the culprit behind a rash of Windows crashes that occurred after users installed a particular Windows patch earlier this year. Microsoft released a new version of the patch that detected whether the rootkit was there and offered help in removing the malware from users' computers. The significance of the rootkit infecting 64-bit Windows is that the 64-bit versions are considered to be more secure than 32-bit versions. The new version of this particular rootkit has been detected in the wild.

http://www.esecurityplanet.com/features/article.php/3900936/New-64-Bit-Windows-Rootkit-Already-In-The-Wild.htm

http://www.dslreports.com/forum/r24720761-1st-x64compatible-kernel-mode-rootkit-infection-in-the-wild

http://blog.emagined.com/2010/08/30/what-next-a-64-bit-windows-rootkit/

[Editor's Note (Schultz): This is a very significant and negative development. 64-bit Windows systems have until the most recent version of TDL3 been resistant to rootkit infections, primarily because of two Windows OS protections: 1. A digital signature check prevents malicious drivers from getting into kernel memory, and 2. Windows Kernel Patch Protection keeps kernel mode drivers from making changes in the Windows kernel. The fact that this rootkit can bypass these two protections means that Pandora's Box has just been opened with respect to malware in 64-bit Windows systems.]


Emphasis mine. About the only way to guarantee that a computer cannot be infected is to never connect it to a network, much less the internet, and never install any software on it. Kinda limits its usefulness, though.

[personal profile] silveradept 2010-09-14 05:22 pm (UTC)
Yet another reason to not run Windows where possible, if only to take advantage of the obscurity department for a little while longer?

Also, that means that whatever Microsoft did, they didn't do it right.