New Malware Breaks Windows 64-Bit PatchGuard, Inexplicably Targets Mac OS X

Brad Chacos

Windows PCs don't exactly have a reputation for security, but Microsoft's trying to change that. When smug know-it-alls claim that Windows PCs have more viruses than a public toilet, Microsoft points to the PatchGuard driver signing system on 64-bit Windows as its way of saying "Nuh-uh!" PatchGuard keeps the baddies from getting high-level privileges on Windows machines. Bad news: Kaspersky's reporting that a new malware program that targets Windows 64-bit users has figured out a way around the protection.

The malware is part of the popular BlackHole Exploit Kit and infects computers through vulnerabilities in Java and Adobe Reader, two third-party programs that basically everybody has on their computer. Kaspersky reports that once Rootkit.Win64.Necurs.a gets its foot in the door, it starts downloading those annoying fake antivirus programs – you know, the "OMG! Your computer has umpteen million infected files! Click here to buy a fix!" type. The downloader gets around the Windows 64-bit protection by activating a driver test command that keeps PatchGuard from slamming on the brakes.

An interesting tidbit: one of the fake antiviruses the program tries to download is Hoax.OSX.Defma.f, a fake antivirus for Mac OS X. Obviously, it won't work, being downloaded to a 64-bit Windows computer and all, but it points to a not-quite-so-obscure, post-Mac Defender future for Mac users.
