World's most advanced rootkit penetrates 64-bit Windows

Started by Gary, Nov 16, 2010, 09:56:35

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

Gary

Quote 'notorious rootkit that for years has ravaged 32-bit versions of Windows has begun claiming 64-bit versions of the Microsoft operating system as well.

The ability of TDL, aka Alureon, to infect 64-bit versions of Windows 7 is something of a coup for its creators, because Microsoft endowed the OS with enhanced security safeguards that were intended to block such attacks. The rootkit crossed into the 64-bit realm sometime in August, according to security firm Prevx.

According to research published on Monday by GFI Software, the latest TDL4 installation penetrates 64-bit versions of Windows by bypassing the OS's kernel mode code signing policy, which is designed to allow drivers to be installed only when they have been digitally signed by a trusted source. The rootkit achieves this feat by attaching itself to the master boot record in a hard drive's bowels and changing the machine's boot options'

More information Here

The Malware fight is one I think we will never win, each month its more ferocious it seems  :(
Damned, if you do damned if you don't

Simon

Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

D-Dan

The fight is over here - this prevents 99.99% of all known malware - Protection

Steve
Have I lost my way?



This post doesn't necessarily represent even my own opinions, let alone anyone else's

armadillo

Quote from: Gary on Nov 16, 2010, 09:56:35

More information Here

The Malware fight is one I think we will never win, each month its more ferocious it seems  :(


Good grief! Followed your link through to the detailed article written by Prevx, explaining how the rootkit works. Ferocious is the word. The level of understanding and intellectual ability possessed by the malware writers is incredible. What a waste of talent.

Gary

Quote from: armadillo on Nov 16, 2010, 10:28:15
Good grief! Followed your link through to the detailed article written by Prevx, explaining how the rootkit works. Ferocious is the word. The level of understanding and intellectual ability possessed by the malware writers is incredible. What a waste of talent.
If they worked for the security industry...we may have a chance maybe.
Damned, if you do damned if you don't

armadillo

Quote from: D-Dan on Nov 16, 2010, 10:27:55
The fight is over here - this prevents 99.99% of all known malware - Protection

Steve

LOL.

Trouble is, it also prevents 99.99% of all known software

If ever its penetration becomes large enough to make software development for it worthwhile, it will become the target for malware too.

D-Dan

Quote from: armadillo on Nov 16, 2010, 10:30:58
LOL.

Trouble is, it also prevents 99.99% of all known software


Which software are you thinking of? There are Linux versions or equivalents of just about anything you can think of, all free. And for those rare cases where the Windows version is an absolute must, there's wine (not the drink, the compatibility layer).

It'll even run Windows games if you are so inclined (I enjoy Trackmania whichever OS I use) :)

Steve
Have I lost my way?



This post doesn't necessarily represent even my own opinions, let alone anyone else's

Gary

Quote from: D-Dan on Nov 16, 2010, 10:27:55
The fight is over here - this prevents 99.99% of all known malware - Protection

Steve
I agree but getting Linux onto more machines is the hard part, even though its getting better, With the vast majority of PC World style buyers its always going to be windows. That's where the battle is always going to be, and now  OS X as well. Still being in the minority has its advantages  ;)
Damned, if you do damned if you don't

armadillo

Quite, Gary! Presents an interesting moral dilemma, doesn't it? It means going out and actively recruiting malware developers into security software vendors.

Simon

Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Gary

Quote from: armadillo on Nov 16, 2010, 10:34:11
Quite, Gary! Presents an interesting moral dilemma, doesn't it? It means going out and actively recruiting malware developers into security software vendors.
Prevx did, hence their view on the security world and their behavioural based security, thing is the money is where the crime is now for alot of the sharp minds that develop these nasties.
Damned, if you do damned if you don't

armadillo

Quote from: Gary on Nov 16, 2010, 10:37:12
Prevx did, hence their view on the security world and their behavioural based security, thing is the money is where the crime is now for alot of the sharp minds that develop these nasties.

Good on Prevx for having the courage to do that. Social engineering is the hard part. More people are prepared to pay for special offers and cheap deals offered by spam and adware than will pay for legitimate software. So the criminal side have more money available for recruitment than the good guys. Not sure how to engineer around that.

Gary

Quote from: armadillo on Nov 16, 2010, 10:46:30
Good on Prevx for having the courage to do that. Social engineering is the hard part. More people are prepared to pay for special offers and cheap deals offered by spam and adware than will pay for legitimate software. So the criminal side have more money available for recruitment than the good guys. Not sure how to engineer around that.
The fact you get technical support for the Malware you can buy shows how much its gone past the old script kiddies to a major business now  :( As for greed, as VAT goes up and the cuts deepen, people will just become more vulnerable, sometimes out of desperation I fear. As for the ones that just use pirated software...I knew a guy who would build a pc costing say £2000 then use pirated Windows and AV etc, now that just never made sense to me.  :shake:
Damned, if you do damned if you don't

Rik

It's like drivers who buy flash cars but don't insure them, Gary.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

armadillo

Quote from: Gary on Nov 16, 2010, 11:07:53
.I knew a guy who would build a pc costing say £2000 then use pirated Windows and AV etc, now that just never made sense to me.  :shake:

It seems to be an interesting part of human psychology that we compartmentalise our spending. The same person who goes out and spends £2000 on a new widescreen flat TV may be the same person who seeks out a bogof offer on cornflakes in Tescos.

There was also some research that showed that one of the most effective measures in helping drug addicts to overcome their addiction was paying them a modest reward for each week they can prove they have been drug-free. A £5 per week reward was enough. It was even effective when the person might have been spending £1000 a week on drugs. There is no logic to that but we do not behave logically, do we Mr Spock?

Gary

Quote from: Rik on Nov 16, 2010, 11:10:57
It's like drivers who buy flash cars but don't insure them, Gary.
Very true, Rik.  :(
Damned, if you do damned if you don't

armadillo

Quote from: D-Dan on Nov 16, 2010, 10:33:31
Which software are you thinking of? There are Linux versions or equivalents of just about anything you can think of, all free. And for those rare cases where the Windows version is an absolute must, there's wine (not the drink, the compatibility layer).

Steve

I think of things like Photoshop, where if you use a substitute, you have to learn a new and complex interface. Photoshop is itself complex but at least I am familiar with it. I have not got the energy to learn GIMP.

Then things that also have a hardware interface. Monitor calibration and profiling. So you want software to operate the colorimeter in the first place (I use basICColor Display4) and then it has a run time LUT loader to place its LUT into the graphics card's LUT. That kind of thing is a real pain to find in minority OSs. So yes, you can use something else but I want to use the software I choose and I do not want to be pushed by cyber terrorists into abandoning the choices I like.

I am sure there are workarounds but Linux is still geek territory, not mass market stuff. And, as I said, as soon as it is, it will be targeted.

Rik

I'm with you, Dill. When there's a version of Photoshop for Linux, it might be an option for me, but not till then.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.


Rik

Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

D-Dan

Which particular fonts? MS core fonts are available, and Linux supports TTF and PS fonts natively.

Steve
Have I lost my way?



This post doesn't necessarily represent even my own opinions, let alone anyone else's

Rik

I have the entire Adobe Font Folio in Windows format, Steve.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

D-Dan

Quote from: armadillo on Nov 16, 2010, 12:20:26
I think of things like Photoshop, where if you use a substitute, you have to learn a new and complex interface. Photoshop is itself complex but at least I am familiar with it. I have not got the energy to learn GIMP.

Then things that also have a hardware interface. Monitor calibration and profiling. So you want software to operate the colorimeter in the first place (I use basICColor Display4) and then it has a run time LUT loader to place its LUT into the graphics card's LUT. That kind of thing is a real pain to find in minority OSs. So yes, you can use something else but I want to use the software I choose and I do not want to be pushed by cyber terrorists into abandoning the choices I like.


There's a wealth of calibration tools for Linux - http://en.wikipedia.org/wiki/Linux_color_management

Steve
Have I lost my way?



This post doesn't necessarily represent even my own opinions, let alone anyone else's

D-Dan

Quote from: Rik on Nov 16, 2010, 13:10:01
I have the entire Adobe Font Folio in Windows format, Steve.

I'm pretty sure they can be made to work with minimal fuss (about as much fuss as you would find with Windows, anyway)

Steve
Have I lost my way?



This post doesn't necessarily represent even my own opinions, let alone anyone else's

Rik

It was never true if you tried to use them on a Mac, Steve.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.