Windows 7 Forums
Windows 7: How TDL4 rootkit gets around driver signing policy on 64-bit machine

16 Nov 2010   #1
Corrine

Windows 7 & Windows Vista Ultimate
How TDL4 rootkit gets around driver signing policy on 64-bit machine

Quote:
Microsoft’s Windows operating system, running on a 64-bit machine provides enhanced security with driver signing of system and low level drivers. This policy, called the kernel mode code signing policy, disallows any unauthorized or malicious driver to be loaded. [1.]

The TDL4 rootkit bypasses driver signing policy on 64-bit machines by changing the boot options of Microsoft boot programs that will allow an unsigned driver to load.
See how it's done at the SunbeltBlog: How the TDL4 rootkit gets around driver signing policy on a 64-bit machine.

Story at The Register: World's most advanced rootkit penetrates 64-bit Windows.


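As a defender's check to go with the post above (an added example, not code from the thread or from the Sunbelt article): a PowerShell audit of the stored Boot Configuration Data for options that relax 64-bit driver signature enforcement. It assumes an elevated prompt and parses the text output of bcdedit /enum all; the option names and the parsing rule are assumptions about bcdedit's fixed-column output.

```powershell
# Added example (not from the thread): audit the stored Boot Configuration Data
# for options that weaken 64-bit kernel-mode code signing enforcement.
# Requires an elevated prompt; bcdedit.exe needs administrator rights.

# Boot options that relax or disable driver signature enforcement.
$WeakBootOptions = @{
    'testsigning'       = 'Test-signing mode: drivers signed with any test certificate will load'
    'nointegritychecks' = 'Integrity checks disabled: unsigned drivers will load'
    'loadoptions'       = 'Custom kernel load options set (inspect the value)'
}

function Get-BcdEntries {
    # Parse the text output of "bcdedit /enum all" into one hashtable per entry.
    # bcdedit pads option names to a fixed column, so a key/value line has two
    # or more spaces between key and value; headers like "Windows Boot Loader" do not.
    $entries = @()
    $current = $null
    foreach ($line in (bcdedit /enum all)) {
        if ($line -match '^-{10,}\s*$') {          # separator line: a new entry starts
            if ($null -ne $current) { $entries += ,$current }
            $current = @{}
        }
        elseif ($null -ne $current -and $line -match '^(\S+)\s{2,}(.+)$') {
            $current[$matches[1].ToLower()] = $matches[2].Trim()
        }
    }
    if ($null -ne $current) { $entries += ,$current }
    return $entries
}

function Test-BcdSigningPolicy {
    # Return one finding per entry/option pair that weakens the signing policy.
    $findings = @()
    foreach ($entry in Get-BcdEntries) {
        foreach ($option in $WeakBootOptions.Keys) {
            if ($entry.ContainsKey($option) -and $entry[$option] -ne 'No') {
                $findings += [pscustomobject]@{
                    Entry   = $entry['identifier']
                    Option  = $option
                    Value   = $entry[$option]
                    Concern = $WeakBootOptions[$option]
                }
            }
        }
    }
    return $findings
}

$results = Test-BcdSigningPolicy
if ($results) { $results | Format-Table -AutoSize }
else { 'No signing-policy weakening options found in the BCD store.' }
```

The check only sees what is stored in the BCD; a bootkit that alters boot options on the fly rather than in the stored configuration will not appear here, so pair it with boot-sector integrity checks.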

18 Nov 2010   #2
jav

Windows 7 Ultimate x86 SP1
As far as I can remember, TDL 3 already did it months ago?

So, it is nothing new and surprising for TDL 4 to have it? That's why I am surprised why security blogs started reporting it again. Or am I missing something new here?

I remember reading these about 2 months ago?
TDL3 rootkit x64 goes in the wild
x64 TDL3 rootkit - follow up

EDIT: sorry, I see that article at the register already links to them.