 | |
| |
| 16 Nov 2010 | #1 |
| | How TDL4 rootkit gets around driver signing policy on 64-bit machine [ Quote: Microsoft’s Windows operating system, running on a 64-bit machine provides enhanced security with driver signing of system and low level drivers. This policy, called the kernel mode code signing policy, disallows any unauthorized or malicious driver to be loaded. [1.] The TDL4 rootkit bypasses driver signing policy on 64-bit machines by changing the boot options of Microsoft boot programs that will allow an unsigned driver to load. Story at The Register: World's most advanced rootkit penetrates 64-bit Windows. |
My System Specs | |
| 18 Nov 2010 | #2 |
| | As far as I can remember TDL 3 already did it months ago? So, it is nothing new and surprising for TDL 4 to have it? That's why I am surprised why security blogs started reporting it again. Or am I missing something new here? I remember reading these about 2 moths ago? TDL3 rootkit x64 goes in the wild x64 TDL3 rootkit - follow up EDIT: sorry, I see that article at the register already links to them. |
| My System Specs |
 |
How TDL4 rootkit gets around driver signing policy on 64-bit machine problems?
| Thread Tools | |
| Similar help and support threads for: How TDL4 rootkit gets around driver signing policy on 64-bit machine | ||||
| Thread | Forum | |||
| New TDL4 rootkit successfully hiding from AV | Security News | |||
| Connecting to network before signing in to local machine | Network & Sharing | |||
| Require (Rootkit.TDSS.TDL4) Rootkit Removal & Cleanup walkthrough | System Security | |||
| How do I use driver signing? | Drivers | |||
| Driver signing | Drivers | |||
All times are GMT -5. The time now is 02:02 AM.
