Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: How TDL4 rootkit gets around driver signing policy on 64-bit machine


16 Nov 2010   #1

Windows 7 & Windows Vista Ultimate
 
 
How TDL4 rootkit gets around driver signing policy on 64-bit machine

[
Quote:
Microsoft’s Windows operating system, running on a 64-bit machine provides enhanced security with driver signing of system and low level drivers. This policy, called the kernel mode code signing policy, disallows any unauthorized or malicious driver to be loaded. [1.]

The TDL4 rootkit bypasses driver signing policy on 64-bit machines by changing the boot options of Microsoft boot programs that will allow an unsigned driver to load.
See how its done at the SunbeltBlog: How the TLD4 rootkit gets around driver signing policy on a 64-bit machine.

Story at The Register: World's most advanced rootkit penetrates 64-bit Windows.


My System SpecsSystem Spec
.

18 Nov 2010   #2
jav

Windows 7 Ultimate x86 SP1
 
 

As far as I can remember TDL 3 already did it months ago?

So, it is nothing new and surprising for TDL 4 to have it? That's why I am surprised why security blogs started reporting it again. Or am I missing something new here?

I remember reading these about 2 moths ago?
TDL3 rootkit x64 goes in the wild
x64 TDL3 rootkit - follow up

EDIT: sorry, I see that article at the register already links to them.
My System SpecsSystem Spec
Reply

 How TDL4 rootkit gets around driver signing policy on 64-bit machine




Thread Tools



Similar help and support threads for2: How TDL4 rootkit gets around driver signing policy on 64-bit machine
Thread Forum
New TDL4 rootkit successfully hiding from AV Security News
Connecting to network before signing in to local machine Network & Sharing
Require (Rootkit.TDSS.TDL4) Rootkit Removal & Cleanup walkthrough System Security
Temporarily Disable Driver Signing Drivers
How do I use driver signing? Drivers
Driver signing Drivers
The Driver Signing Annoyance Network & Sharing

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 09:59 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33