New Malware Breaks Windows 64-Bit PatchGuard, Inexplicably Targets Mac OS X
Windows PCs don't exactly have a reputation for security, but Microsoft's trying to change that. When smug know-it-alls claim that Windows PCs have more viruses than a public toilet, Microsoft points to the PatchGuard driver signing system on 64-bit Windows as their way of saying "Nuh-uh!" PatchGuard keeps the baddies from getting high-level privileges on Windows machines. Bad news: Kaspersky's reporting that a new malware program that targets Windows 64-bit users has figured out a way around the protection.
The malware is part of the popular BlackHole Exploit Kit and infects computers through vulnerabilities in Java and Adobe Reader, two third-party programs that basically everybody has on their computer. Kaspersky reports that once Rootkit.Win64.Necurs.a gets its foot in the door, it starts downloading those annoying fake antivirus programs – you know, the "OMG! Your computer has umpteen million infected files! Click here to buy a fix!" type. The downloader gets around the Windows 64-bit protection by activating a driver test command that keeps PatchGuard from slamming on the brakes.
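A defender's check for the weakened state the article describes, added here as an example (not from the article or from Kaspersky): it parses `bcdedit` output and flags the boot options that let unsigned or test-signed kernel drivers load. It assumes the "driver test command" refers to Windows test-signing mode, that `bcdedit.exe` is available, and that the shell is elevated; the sample output below is constructed.

```powershell
# Added example: audit a 64-bit Windows boot entry for weakened driver-signature
# enforcement. Assumes the article's "driver test command" is test-signing mode.
function Get-BootIntegrityStatus {
    param(
        # Defaults to the live boot entry; pass captured text to test offline.
        [string[]]$BcdOutput = (& bcdedit.exe /enum '{current}' 2>&1)
    )
    $status = [ordered]@{
        TestSigning       = $false
        NoIntegrityChecks = $false
        Findings          = @()
    }
    foreach ($line in $BcdOutput) {
        # bcdedit prints "<element>   <value>" separated by runs of whitespace.
        if ($line -match '^\s*testsigning\s+Yes\s*$') {
            $status.TestSigning = $true
            $status.Findings += 'testsigning=Yes: test-signed kernel drivers will load (desktop shows "Test Mode")'
        }
        if ($line -match '^\s*nointegritychecks\s+Yes\s*$') {
            $status.NoIntegrityChecks = $true
            $status.Findings += 'nointegritychecks=Yes: kernel-mode code integrity checks are disabled'
        }
    }
    # Remediation (requires reboot): bcdedit /set {current} testsigning off
    #                                bcdedit /set {current} nointegritychecks off
    [pscustomobject]$status
}

# Constructed sample of a compromised boot entry, so the parser can be exercised
# without touching the live BCD store.
$sampleBcd = @'
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
testsigning             Yes
nx                      OptIn
'@ -split "`r?`n"

Get-BootIntegrityStatus -BcdOutput $sampleBcd | Format-List
# Run with no arguments on a real host to audit the current boot entry.
```

A `TestSigning` or `NoIntegrityChecks` value of `True` on a machine where nobody is developing drivers is worth treating as an incident indicator, not a configuration quirk.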
An interesting tidbit: one of the fake antivirus programs the malware tries to download is Hoax.OSX.Defma.f, a fake antivirus for Mac OS X. Obviously, it won't work, being downloaded to a 64-bit Windows computer and all, but it points to a not-quite-so-obscure, post-Mac Defender future for Mac users.
Comments
th_fixer
February 27, 2012 at 11:00am
It is not new to get infected using Windows 7. I myself get infected all the time. I tried a lot of antivirus software, but every time there is a tiny spyware or malware which gets through it.
TechLarry
June 06, 2011 at 10:54am
I see infected 64-bit Windows 7 systems all the time. Most are drive-by installs.
Nothing, NOTHING has changed.
TerribleToaster
June 06, 2011 at 10:48am
Now we just need Ubuntu to get a bad piece of malware to complete the trifecta.
aarcane
June 06, 2011 at 2:07pm
I had an infection on my Ubuntu system. My brother used the username "dan" and the password "password", and I knew I had a damn good reason not to allow it, but I couldn't remember what it was (SSH is available over teh intarwebz). So I caved and let him use "password". His acct. got hacked and they installed a cronjob that sent spam (or tried to; outbound mail was blocked). I found it about a month later, cleaned it out, and locked his account for a month to encourage him to choose a better password next time.
BAMT
June 06, 2011 at 5:56pm
Uh... that's the equivalent of letting somebody go into the Windows Task Scheduler. Not an infection.
Also, driver signing is pretty annoying when writing drivers for 64-bit Windows (unless you have money to waste on M$ keys). I rigged up my 64-bit NT 6.1 to boot without driver signing by default (I forget how I did it, but I remember it was annoying to do, and it definitely worked because I have unsigned drivers).
aarcane
June 06, 2011 at 9:12pm
Yeah, it pretty much is... which is half of the point... which you obviously missed :)