Rootkit writers outfox Windows 64-bit PatchGuard protection
Posted on 05/27/2011 8:22:35 AM PDT by Tribune7
Rootkit writers have started exploiting a loophole that lets them write malware able to bypass the PatchGuard driver signing protection built into 64-bit versions of Windows, Kaspersky Lab has reported.
A product of the BlackHole Exploit Kit, a hugely successful kit for building malware to hit specific software vulnerabilities, the first element of the attack on a system is straightforward enough, using a downloader to hit the system through two common Java and Adobe Reader software flaws.
On 64-bit Windows systems open to these exploits, this calls a 64-bit rootkit, Rootkit.Win64.Necurs.a, which executes the 'bcdedit.exe -set TESTSIGNING ON' command, normally a programming command for trying out drivers during development.
The loophole abused by the malware writers is that this stops Windows' Patchguard from objecting to the unsigned and insecure nature of the driver (in this case a rootkit driver) being loaded.
(Excerpt) Read more at itworld.com ...
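The bcdedit command quoted above is the whole trick: with test-signing mode switched on in the Boot Configuration Data (BCD), 64-bit Windows will load a kernel driver that carries no valid signature after the next reboot, which is what the rootkit driver needs. Strictly, the flag relaxes 64-bit Driver Signature Enforcement (the kernel-mode code-signing check) rather than PatchGuard, which is Windows' Kernel Patch Protection; the article lumps the two together. Since the change is stored in the BCD it survives reboots and is easy to audit. The following added example, which is not from the article, Kaspersky or the rootkit itself, parses the text `bcdedit /enum` prints, flags boot loader entries that have test signing (or the related nointegritychecks setting) switched on, and names the remediation. The function names and the sample BCD output are constructed for illustration.

```powershell
# Added example (not from the original article): audit BCD boot entries for
# the test-signing mode that "bcdedit -set TESTSIGNING ON" enables.
# Function names and the sample output below are constructed for illustration.

function ConvertFrom-BcdEnum {
    # Parse the text printed by `bcdedit /enum` into one dictionary per boot entry.
    param([string[]]$Lines)

    $entries = [System.Collections.Generic.List[object]]::new()
    $current = $null
    foreach ($line in $Lines) {
        # Skip blank lines and the dashed underline beneath each section header.
        if ([string]::IsNullOrWhiteSpace($line) -or $line -match '^-{5,}\s*$') { continue }
        # A section header such as "Windows Boot Loader" starts a new entry.
        if ($line -match '^(Windows Boot Manager|Windows Boot Loader)\s*$') {
            if ($current) { $entries.Add($current) }
            $current = [ordered]@{ type = $matches[1] }
            continue
        }
        # Every other line is "name<spaces>value".
        if ($current -and $line -match '^(\S+)\s+(.*\S)\s*$') {
            $current[$matches[1]] = $matches[2]
        }
    }
    if ($current) { $entries.Add($current) }
    return $entries
}

function Test-BcdSigningRelaxed {
    # Return the boot loader entries whose settings let unsigned kernel drivers load.
    # A missing key indexes to $null, so entries without the setting are not flagged.
    param([object[]]$Entries)
    $Entries | Where-Object {
        ($_.type -eq 'Windows Boot Loader') -and
        (($_['testsigning'] -eq 'Yes') -or ($_['nointegritychecks'] -eq 'Yes'))
    }
}

# Constructed sample of `bcdedit /enum` output from a machine where the rootkit
# has already run. On a real host replace it with: $sample = & bcdedit /enum
# (run from an elevated prompt; bcdedit needs administrator rights).
$sample = @'
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
osdevice                partition=C:
systemroot              \Windows
testsigning             Yes
'@ -split "`r?`n"

$flagged = Test-BcdSigningRelaxed (ConvertFrom-BcdEnum $sample)
if (-not $flagged) {
    'No boot entry has test signing or integrity checks relaxed.'
}
foreach ($e in $flagged) {
    'ALERT {0} ({1}): testsigning={2} nointegritychecks={3}' -f `
        $e['identifier'], $e['description'], $e['testsigning'], $e['nointegritychecks']
    # Remediation, run elevated and followed by a reboot:
    #   bcdedit /set <identifier> testsigning off
    #   bcdedit /deletevalue <identifier> nointegritychecks
    # Then find and remove the driver that was loaded, since the BCD change is
    # only the enabler; the rootkit driver is the actual payload.
}
```

Two practical caveats. First, the flag only matters at boot, so a host that has just been infected keeps enforcing signatures until it reboots, and a host that has been cleaned keeps loading the unsigned driver until it reboots again. Second, Windows shows a "Test Mode" watermark on the desktop whenever test signing is on, so a user reporting that watermark on a machine that has never had driver development done on it is itself a useful detection signal. Note that flipping this setting already requires administrator rights, which the Java and Adobe Reader exploits in the article deliver; the bcdedit trick is about persistence of an unsigned kernel driver, not about the initial compromise.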
Since you seem to be in a virii mood today. :-)
JAVA, Adobe, and Flash seem to be the biggest vulnerabilities out there, aside from user ignorance.
You are just mean. /snicker
good intel. Glad I’m security aware. But if this was OSX with this attack they’d say it doesn’t count because it requires a 3rd party application to expose it. And a user has to be on the machine and click on something.
See how stupid that sounds?
Only stupid if it wasn’t the truth. Mac users don’t need to click on “something”, they need to click on the installer of the malware.
Mac users do not click on something in Adobe and, "Voila!" a trojan is installed. I know you get your rocks off on this stuff, but you are still voluntarily ignorant of the facts.
As an aside, Kaspersky reports that the malware also attempts to download Hoax.OSX.Defma.f, a recent and well-publicised fake antivirus program targeting Mac OS X users, which can't run on Windows.
"It appears that the developers of the latest rogue AV program for MacOS are actively distributing it via intermediaries, who don't really understand what it is they are supposed to install on users' computers," said Kaspersky researcher, Vyacheslav Zakorzhevsky, in his blog covering the malware.
This underlines the ominous way that Macs are now seen as just another platform to be targeted where possible using multi-platform malware.
It seems the 64 bit update had to be reinstalled for some reason.
My VIPRE antivirus seems to work pretty well.
What do y'all suggest to ensure against this nastiness?
Huh? The installer auto runs. But you’re arguing it’s good to have a trojan install without a user password?
Wow, really? Before it was "this is impossible on Macs", now the macbot crowd is claiming the viruses on Mac aren't as bad as the viruses on Windows because Windows requires a 3rd party exploit and the Mac requires only exploiting Safari, an Apple program. Now that is lame.
Oh and 4 years in a row OSX was the first one hacked at a hacking competition (pwn2own). I guess they aren’t secure at all.
On the OSX virus thread you said it doesn't count because it was reported from an anti-virus software company. Well by that stupid logic this one doesn't count either since it's from Kaspersky Labs.
I’m quite amused at how many popups I get on boot of my Win7 machines for updates to those very same products almost weekly now. Whereas on my Linux boxes, I don’t get anything popping up (no autostart) and can control my package installs when it’s time.
M$, with all of its warts, is still the most common OS distributor and will continue to be exploited by those who wish to steal from the unwitting. A proper mindset on the web along with a comprehensive knowledge of the programs installed on your machine should help to identify any rogue programs trying to make your life Hell.
Of course, with Linux, I do my dirtiest work and save my Win7 machine solely for gaming.
Nope. It’s not good to have an installer run without a password. Thing is, how many administrator accounts are set up without passwords. Neither situation good and Apple needs to fix the workaround to that.
Either way, the user still has to manually install an app loader and go through the steps of installing it.
The Mac part is, as noted in the article, "an aside" to indicate that black hatters don't necessarily know what they are doing.
When a rootkit inserted via Adobe Reader is developed for OSX then you can start crowing.
BTW, I don't discount the possibility but it hasn't come close to happening yet.
No this article is about 2 things. The title is just about one of those two issues.
Try reading the ENTIRE article. And if you’re going for the it doesn’t count until it happens defense...watch out. Recently Apple got the first malware that didn’t require an admin password to install.
Apple would be wise to start educating their users on security instead of acting like they can ignore it and they will be safe because they are using an apple product.
7, far newer than OSX and despite its vaunted security, has got rootkits.
This has yet to happen to OSX. The worst that involves OSX so far is a socially engineered phishing scheme that involves a user knowingly installing an application, not simply clicking on a pdf file or photo or webgame etc.
Why would we need educating on that? We mostly are all former Windows users, who have more experience of (lack of) security than we ever wanted in the first place . . .
Exactly. They are the Windows users who didn't know jack about security so they thought switching to a less used OS would help them hide from the boogeyman virus... now those same dumb users are getting hit using a Mac.
. . . except that we knew enough to think that Unix, which was designed as a multiuser system, was more secure than any system designed with the assumption that only a single trustworthy user would ever be able to communicate with the computer. Computers/OSes are so complex that it's naive to suppose that anyone actually understands them; chaos theory gives a vague feel for the unpredictability of such a system.
But the principle that I do not want to allow separation of responsibility and authority is as true of computer security as it is of government. I reject the Democrat premise that life consists of a series of catastrophic failures of greedy people outside the journalist/Democrat complex, ameliorated only by the pure motives of journalists and their political acolytes. Actual results are what count, and whoever actually has the authority is responsible for those results. In the computer security field I don't care whether the malware got in because the antivirus software didn't recognize the vector, or whether the system should have defeated the vector in the first place. I want one organization to take responsibility for making it possible for me - me, not some geek with a post doctorate education in cyphers - to operate a computer online without being a sitting duck. So I am attracted to a system which has a better track record, and I am attracted to a vendor who takes system responsibility rather than providing hardware and blaming problems on somebody else's OS, or one providing an OS but recommending antivirus software be bought from yet another software vendor.
Apple has, up till now, lived up to that system responsibility rather well. They have built recognition of some trojans into the OS. And I expect that they will continue to do so, until and unless someone comes up with a quantum computer capable of instantly cracking any and every password. As far as I'm concerned, if I never have to give up on Apple's ability to protect its customers itself rather than yielding over to third-party anti-malware software specialists, it will be too soon.
And the day when every computer on the shelf is adequately protected by a hard security layer can't come soon enough. Seems like Win7 may finally be up to snuff.
I highly doubt the dumb Windows user who knows nothing about security would switch because he understands UNIX and the way it does security. If they understood that then Windows would have been fine as well.
Well, I'm smart enough to know that Unix was designed more robustly than DOS and Windows - but, in my own experience, found that fear of the non-robust nature of Windows made me stupid when using Windows. I don't enjoy feeling stupid, so I bought a Unix box which wasn't designed for geeks. Which is what the OS X version of the Mac is, and what Linux would like to be. And apparently Win 7 is pretty much there too, finally. Which is good, because my daughter's husband wanted to get her a Win 7 box for her birthday and I chipped in to help buy it, confident that it was a workable computer.
I concur. Apple couldn't write an OS that was worth anything so they finally ripped one from UNIX. XP is still the number one OS serving in a period that it truly isn't meant for. That was some seriously good OS for its day.
But Win 7 is definitely the way to go for Windows.
Steve Jobs commented at the time he left Apple that he was certain that Unix was the future of the personal computer. The problem was that the Apple II and the Mac and the PC date back to the time before microchip features were small enough to make it practical to run Unix on a personal computer. Anyone who so chooses can put a negative spin such as "ripped off" on the decision not to reinvent the wheel when Unix already served the purpose at hand, but it was always Jobs' intention and desire to use Unix. But Win 7 is definitely the way to go for Windows.
Yes. The pity is that it was so hard to get there without making too big a break from DOS compatibility at any one step.
Maybe if Gates hadn't bought ("ripped off"?) DOS in the first place, things would have been different?
Huh? So you’re saying the previous version of Mac OS were good?
I'm saying that OS X would not have run on the 128K Mac with a hard drive rated in a handful of megabytes. The previous version of Mac OS was the best GUI they could do on an economical PC in the early 1980s, and although Unix would have been better, affordable PCs of that time couldn't run it and get anything done.
Really? Unix with X Windows wouldn't run in the 90's either? I think there are a ton of Linux heads that will dispute that.
If the question is whether Jobs would have done OS X in the nineties if he had been in charge of Apple over that decade, the answer is yes. Jobs proved that when he brought out the NeXT computer, which was a more immediate predecessor to OS X than the old Mac itself was.
If it had been as easy as you make it sound, Jobs would have used Unix for the initial Mac - but that was a bridge too far at that time. The hardware it required was still too bleeding edge in 1988, which was why NeXT failed.
You could say that Linux has been the geek's NeXT.
When he returned to Apple, Jobs brought out OS X and delivered the whole commercial package - finished, well-integrated hardware and software, and marketing/advertising, sales, and support. Completing the Apple Store network is still a work in progress because you can live in a major population center without being close to one of the stores. Seems like that would be a good place to put some of that cash hoard Apple is known for . . .