How TDL4 rootkit gets around driver signing policy on 64-bit machine


  1. Corrine
    Posts : 2,303
    Windows 7 & Windows Vista Ultimate
       New #1

    How TDL4 rootkit gets around driver signing policy on 64-bit machine


    [
    Microsoft’s Windows operating system, running on a 64-bit machine provides enhanced security with driver signing of system and low level drivers. This policy, called the kernel mode code signing policy, disallows any unauthorized or malicious driver to be loaded. [1.]

    The TDL4 rootkit bypasses driver signing policy on 64-bit machines by changing the boot options of Microsoft boot programs that will allow an unsigned driver to load.
    See how its done at the SunbeltBlog: How the TLD4 rootkit gets around driver signing policy on a 64-bit machine.

    Story at The Register: World's most advanced rootkit penetrates 64-bit Windows.
      My Computer
    Quote Quote

  3. jav
    Posts : 713
    Windows 7 Ultimate x86 SP1
       New #2

    As far as I can remember TDL 3 already did it months ago?

    So, it is nothing new and surprising for TDL 4 to have it? That's why I am surprised why security blogs started reporting it again. Or am I missing something new here?

    I remember reading these about 2 moths ago?
    TDL3 rootkit x64 goes in the wild
    x64 TDL3 rootkit - follow up

    EDIT: sorry, I see that article at the register already links to them.
      My Computer
    Quote Quote

 

  Related Discussions
I would really appreciate some help from someone with experience with this matter. Introduction: Origin: False sense of security by AVG (updated), Windows kept updated, Browser settings, firewall, and self system maintainence. Presentation: Installed a 2nd HDD (Exclusively for daily...
I'm trying to install the driver for an old electronic piano. Windows couldn't install the driver automatically, so I inserted the driver disc. But there are just a few .drv and .sys files that I can't open. I placed them in windows/system32/drivers which didn't help. In the manual it says: 1....
Driver signing
in Drivers

I there a way to stop driver signing completely instead of having to disable it at boot with the F8 key I have tried several suggestions of cmd prompt commands but nothing has worked. I have a Twinhan TV Card the vista drivers work fine but are not signed. Please advise as I feel that we should...
The Driver Signing Annoyance
in Network & Sharing

Hi everyone, Well I'm thinking to make Win Seven my primary OS on my system by today and I want to know if there is anyway possible to turn the annoyance of the Driver Signing Enforcement on 64bit systems since that is the only way I tried and managed to get the internet on my netgear PCI card...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 10:52.
Find Us