|02 May 2011||#1|
TDL4 bootkit reinstates 64-bit infection capability
Microsoft released security update KB2506014 on April 12 to address a vulnerability which allowed unsigned drivers to be loaded by 64-bit Windows. The TDSS/Alureon rootkit family, of which TDL4 is a part, was one of the more advanced rootkits that abused this vulnerability to load the rootkit during Windows boot up. TDL4 is also known as the Google Redirect Virus.
|08 May 2011||#4|
It's not actually a vulnerability; 64-bit versions of Windows do allow unsigned drivers to be loaded through a special command: 'bcdedit /set loadoptions DDISABLE_INTEGRITY_CHECKS'
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows NT\Driver Signing]
Value Name: BehaviorOnFailedVerify
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = Ignore, 1 = Warn, 2 = Block)

HKCU\Software\Policies\Microsoft\Windows NT\Driver Signing" /v BehaviorOnFailedVerify /t reg_dword /d 00000000 /f
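Added example, not part of the thread: a small audit that checks saved `bcdedit /enum` and `reg query` output for the two settings mentioned in post #4. The sample text is constructed for illustration, and the function names `audit_bcd` and `audit_policy` are hypothetical.

```python
import re

# Constructed sample of `bcdedit /enum` output (not captured from a real host).
SAMPLE_BCD = r"""
Windows Boot Manager
--------------------
identifier              {bootmgr}
description             Windows Boot Manager

Windows Boot Loader
-------------------
identifier              {current}
path                    \Windows\system32\winload.exe
description             Windows 7
loadoptions             DDISABLE_INTEGRITY_CHECKS
"""

# Constructed sample of `reg query` output for the policy key named in the post.
SAMPLE_REG = r"""
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows NT\Driver Signing
    BehaviorOnFailedVerify    REG_DWORD    0x0
"""

POLICY = {0: "Ignore", 1: "Warn", 2: "Block"}  # value meanings as listed in the post

def audit_bcd(text):
    """Return (identifier, loadoptions) for boot entries that disable integrity checks."""
    findings = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            m = re.match(r"^(\S+)\s{2,}(.+)$", line)  # "name   value" rows only
            if m:
                fields[m.group(1).lower()] = m.group(2).strip()
        opts = fields.get("loadoptions", "")
        if "DISABLE_INTEGRITY_CHECKS" in opts.upper():
            findings.append((fields.get("identifier", "?"), opts))
    return findings

def audit_policy(text):
    """Return (value, meaning) of BehaviorOnFailedVerify, or None if it is not set."""
    m = re.search(r"BehaviorOnFailedVerify\s+REG_DWORD\s+0x([0-9a-fA-F]+)", text)
    if not m:
        return None
    value = int(m.group(1), 16)
    return value, POLICY.get(value, "unknown")

if __name__ == "__main__":
    for ident, opts in audit_bcd(SAMPLE_BCD):
        print(f"boot entry {ident}: loadoptions={opts}")
    print("BehaviorOnFailedVerify:", audit_policy(SAMPLE_REG))
```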