Rootkit with Blue Screen history now targets 64-bit Windows
'New era,' says researcher of rootkit that bypasses 64-bit kernel defenses by infecting hard drive's boot record
By Gregg Keizer
August 27, 2010 06:42 AM ET
Computerworld - A new version of the malware that crippled Windows PCs last February sidesteps safeguards designed to block rootkits from hijacking machines running 64-bit editions of Windows, researchers said Thursday.
"A new era has officially dawned: the era of x64 rootkits," said Prevx researcher Marco Giuliani in a post to the security vendor's blog.
The updated rootkit, which goes by names that include Alureon, TDL, TDL3 and Tidserv, is able to infect 64-bit Windows PCs. "TDL3 can be considered as the first x64-compatible kernel mode rootkit infection in the wild," Giuliani said.
Both Prevx and Symantec have found evidence that hackers are actively using the rootkit.