Microsoft: Malware behind XP update BSoDs/reboots

Noreen · Feb 19, 2010, 10:24:57

QuoteMicrosoft has confirmed that malware is responsible for XP-based systems suffering BSoDs and rolling reboots after the application of a patch released during February's Patch Tuesday bundle.............

http://blogs.zdnet.com/hardware/?p=7377

Steve · Feb 19, 2010, 10:27:30

That's interesting Noreen as a lot of people seemed to be affected :thumbs:

Noreen · Feb 19, 2010, 10:31:32

This was suggested on another forum as a possible cure. http://support.kaspersky.com/downloads/utils/tdsskiller.zip

Info about this. http://support.kaspersky.com/viruses/solutions?qid=208280684

DarkStar · Feb 19, 2010, 15:33:13

This was caused by a particular variant of the TDL3 rootkit which belongs to the TDSS/Alureon family. Very few AV can detect it and only three so far can remove it. Prevx will detect all known variants but requires manual removal by Prevx technicians via a remote session. The best detection and removal is using HitMan Pro, this is a free on-demand scanner but has a 100% success rate so far.

http://www.surfright.nl/en/hitmanpro

As far as I know ESET is totally blind to most of these TDL3 variants. The only thing that will detect it and stop it is a decent HIPS program, Sandboxie will contain it - just don't let it out of the sandbox, and DefenseWall will neuter it (but not remove it from the system).
There are apparently other malware that like TDL3 are totally undetectable by (most) AV software so it looks as though the days of being protected by an AV alone are now gone which is why some of the suites are now trying to incorporate HIPS and Sandbox type protection. We live in interesting times

Further reading for those who may be interested:

http://www.wilderssecurity.com/showthread.php?t=265297

http://www.prevx.com/blog/143/BSOD-after-MS-TDL-authors-apologize.html

Rik · Feb 19, 2010, 15:37:18

Thanks, Ian.

DarkStar · Feb 19, 2010, 15:52:34

NP Rik.
It's getting scary just how many people are getting infected with these new rootkits and have no idea. A few years ago Malware was designed to trash computers but the writers have got wise and realised that they need to infect without leaving a trace if possible so they can harvest all the users personal data and card information. Look at the explosion in rouge AV designed to make people think they are infected and pay to clean up. Some of those people are apparently making millions a month.

Have a look at these, there must be thousands of them and the sad thing is that most have better looking GUI's than a lot of legitimate one's:

http://www.lavasoft.com/mylavasoft/rogues/a

Rik · Feb 19, 2010, 15:53:36

It's getting quite scary, isn't it, Ian.

Glenn · Feb 19, 2010, 15:55:41

Dumb terminals are the future

Rik · Feb 19, 2010, 15:57:20

I've argued this for a while. Of course, it will be full circle for me.

Glenn · Feb 19, 2010, 16:07:39

They may have more than one colour now Rik, apart from green.

Rik · Feb 19, 2010, 16:11:47

I always preferred amber myself.

Glenn · Feb 19, 2010, 16:13:00

I used to fix a lot of Wyse terminals a few years ago, are they still going?

Rik · Feb 19, 2010, 16:15:35

I haven't seen one in years...

Glenn · Feb 19, 2010, 16:18:47

http://www.wyse.com They are still in business, in the current climate of companies being terrified for intellectual property theft, I can't see why they are not used more. If a Wyse laptop gets stolen, al you lose is the laptop.

Rik · Feb 19, 2010, 16:24:50

I'm all for it.