
Windows PCs don't exactly have a reputation for security, but Microsoft's trying to change that. When smug know-it-alls claim that Windows PCs have more viruses than a public toilet, Microsoft points to the PatchGuard driver signing system on 64-bit Windows as their way of saying "Nuh-uh!" PatchGuard keeps the baddies from getting high-level privileges on Windows machines. Bad news: Kaspersky's reporting that a new malware program targeting 64-bit Windows users has figured out a way around the protection.
The malware is part of the popular BlackHole Exploit Kit and infects computers through vulnerabilities in Java and Adobe Reader, two third-party programs that basically everybody has on their computer. Kaspersky reports that once Rootkit.Win64.Necurs.a gets its foot in the door, it starts downloading those annoying fake antivirus programs – you know, the "OMG! Your computer has umpteen million infected files! Click here to buy a fix!" type. The downloader gets around the Windows 64-bit protection by activating a driver test command that keeps PatchGuard from slamming on the brakes.
An interesting tidbit: one of the fake antiviruses the program tries to download is Hoax.OSX.Defma.f, a fake antivirus for Mac OS X. Obviously, it won't work, being downloaded to a 64-bit Windows computer and all, but it points to a not-quite-so-obscure, post-Mac Defender future for Mac users.