New malware targets Windows 64-bit

According to Kaspersky Lab, rootkit writers have begun exploiting a vulnerability to bypass PatchGuard protection built into 64-bit versions of Windows.

New malware targets Windows 64-bit Picture 1

Hackers have used the highly successful malware development kit of the BlackHole Exploit Kit, exploiting specific software vulnerabilities to create the first element of the attack. Next, they use a downloader to download malware to the system through two common errors in Java and Adobe Reader software.

On 64-bit Windows systems open with multiple exploit codes, this 64-bit rootkit named Rootkit.Win64.Necurs.a executes the command ' bcdedit.exe -set TESTSIGNING ON '. Usually, this is a programming command to test drivers (drivers) during development.

The vulnerability is abused by malware writers to prevent Windows PatchGuard from preventing loading rootkit drivers. Once loaded, the rootkit has the ability to prevent the exact loading of anti-virus software that can detect and remove it.

Windows PatchGuard - officially known as Kernel Patch Protection (KPP) - is a design feature of 64-bit versions of Windows (including XP, Vista, Windows 7 and Windows Server) designed to prevent Prevent malware from damaging the operating system at the highest priority level.

According to researcher Vyacheslav Zakorzhevsky of Kaspersky, malware also tried to download Hoax.OSX.Defma.f - a fake antivirus program aimed at Mac OS X users and could not run on Windows. This underscores the concern that Macs are no longer safe now that malware can operate on multiple platforms.