Windows 7 Forums


Windows 7: TDL4 bootkit reinstates 64-bit infection capability

02 May 2011   #1
malexous

Arch Linux 64-bit
 
 
TDL4 bootkit reinstates 64-bit infection capability

Quote:
Microsoft released security update KB2506014 on April 12 to address a vulnerability which allowed unsigned drivers to be loaded by 64-bit Windows. The TDSS/Alureon rootkit family, of which TDL4 is a part, was one of the more advanced rootkits that abused this vulnerability to load the rootkit during Windows boot up. TDL4 is also known as the Google Redirect Virus.
...
TDL4 bootkit reinstates 64-bit infection capability


02 May 2011   #2
niemiro

Vista Home Premium x86 SP2
 
 

For greater technical depth on the new TDL4, see here: TDL4 rootkit is coming back stronger than before
08 May 2011   #3
Xhi

Windows 7 Ultimate 64-bit / Ubuntu Linux 11.04
 
 

Ugh... TDSS/Alureon, I hate this rootkit. It's the most common issue with computers in the office. So hard to detect and remove, and now they come up with a newer version.
08 May 2011   #4
yowanvista

Windows 8.1 Pro x64
 
 

It's not actually a vulnerability; 64-bit versions of Windows do allow unsigned drivers to be loaded through a special command: 'bcdedit /set loadoptions DDISABLE_INTEGRITY_CHECKS'
Code:
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows NT\Driver Signing]
Value Name: BehaviorOnFailedVerify
Data Type: REG_DWORD (DWORD Value)
Value Data: (0 = Ignore, 1 = Warn, 2 = Block)

HKCU\Software\Policies\Microsoft\Windows NT\Driver Signing" /v BehaviorOnFailedVerify /t reg_dword /d 00000000 /f
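The settings named in post #4, turned into a defensive audit (an added example, not part of any post in this thread): it parses `bcdedit /enum` and `reg query` output and flags boot entries or policy values that relax driver signature enforcement. The sample outputs are constructed, the function names are hypothetical, and the `testsigning` and `nointegritychecks` checks go beyond what the post mentions.

```python
import re

# Meanings of BehaviorOnFailedVerify as listed in post #4.
POLICY = {0: "Ignore", 1: "Warn", 2: "Block"}

# Constructed sample of `bcdedit /enum` output (not captured from a real host).
SAMPLE_BCD = r"""
Windows Boot Loader
-------------------
identifier              {current}
path                    \Windows\system32\winload.exe
loadoptions             DDISABLE_INTEGRITY_CHECKS
"""

# Constructed sample of `reg query "<key>" /v BehaviorOnFailedVerify` output.
SAMPLE_REG = r"""
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows NT\Driver Signing
    BehaviorOnFailedVerify    REG_DWORD    0x0
"""

def audit_bcd(text):
    """Return (identifier, element, value) for boot entries that relax driver integrity checks."""
    findings, ident = [], None
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # blank lines and "-----" separators
        key, value = parts[0].lower(), parts[1].strip()
        if key == "identifier":
            ident = value  # every bcdedit section starts with its identifier
        elif key == "loadoptions" and "INTEGRITY_CHECKS" in value.upper():
            findings.append((ident, key, value))
        elif key in ("testsigning", "nointegritychecks") and value.lower() == "yes":
            findings.append((ident, key, value))
    return findings

def audit_reg(text):
    """Return (value, meaning, blocks_unsigned), or None when the policy value is not set."""
    m = re.search(r"BehaviorOnFailedVerify\s+REG_DWORD\s+0x([0-9a-fA-F]+)", text)
    if m is None:
        return None
    value = int(m.group(1), 16)
    return value, POLICY.get(value, "Unknown"), value == 2

if __name__ == "__main__":
    print(audit_bcd(SAMPLE_BCD))
    print(audit_reg(SAMPLE_REG))
```
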