|16 Nov 2010||#1|
| || |
How TDL4 rootkit gets around driver signing policy on 64-bit machine
Microsoft’s Windows operating system, running on a 64-bit machine provides enhanced security with driver signing of system and low level drivers. This policy, called the kernel mode code signing policy, disallows any unauthorized or malicious driver to be loaded. [1.]
The TDL4 rootkit bypasses driver signing policy on 64-bit machines by changing the boot options of Microsoft boot programs that will allow an unsigned driver to load.
Story at The Register: World's most advanced rootkit penetrates 64-bit Windows.
|My System Specs|| |
|18 Nov 2010||#2|
| || |
As far as I can remember TDL 3 already did it months ago?
So, it is nothing new and surprising for TDL 4 to have it? That's why I am surprised why security blogs started reporting it again. Or am I missing something new here?
I remember reading these about 2 moths ago?
TDL3 rootkit x64 goes in the wild
x64 TDL3 rootkit - follow up
EDIT: sorry, I see that article at the register already links to them.
|My System Specs|
|Similar help and support threads for: How TDL4 rootkit gets around driver signing policy on 64-bit machine|
|New TDL4 rootkit successfully hiding from AV||Security News|
|Connecting to network before signing in to local machine||Network & Sharing|
|Require (Rootkit.TDSS.TDL4) Rootkit Removal & Cleanup walkthrough||System Security|
|How do I use driver signing?||Drivers|