New malware targets Windows 64-bit
According to Kaspersky Lab, rootkit writers have begun exploiting a vulnerability to bypass PatchGuard protection built into 64-bit versions of Windows.
According to Kaspersky Lab, rootkit writers have begun exploiting a vulnerability to bypass PatchGuard protection built into 64-bit versions of Windows.
Hackers have used the highly successful malware development kit of the BlackHole Exploit Kit, exploiting specific software vulnerabilities to create the first element of the attack. Next, they use a downloader to download malware to the system through two common errors in Java and Adobe Reader software.
On 64-bit Windows systems open with multiple exploit codes, this 64-bit rootkit named Rootkit.Win64.Necurs.a executes the command ' bcdedit.exe -set TESTSIGNING ON '. Usually, this is a programming command to test drivers (drivers) during development.
The vulnerability is abused by malware writers to prevent Windows PatchGuard from preventing loading rootkit drivers. Once loaded, the rootkit has the ability to prevent the exact loading of anti-virus software that can detect and remove it.
Windows PatchGuard - officially known as Kernel Patch Protection (KPP) - is a design feature of 64-bit versions of Windows (including XP, Vista, Windows 7 and Windows Server) designed to prevent Prevent malware from damaging the operating system at the highest priority level.
According to researcher Vyacheslav Zakorzhevsky of Kaspersky, malware also tried to download Hoax.OSX.Defma.f - a fake antivirus program aimed at Mac OS X users and could not run on Windows. This underscores the concern that Macs are no longer safe now that malware can operate on multiple platforms.
- The Purple Fox malware targets vulnerable Windows systems worldwide
- What is Joker Malware? The most effective way to protect against Joker Malware
- Appears new malware HiatusRAT targeting enterprise routers
- Mandrake: Super sophisticated Android malicious code, only 4 years to be discovered
- How to Avoid or Remove Mac Defender Malware from Mac OS X V10.6 or Earlier
- PXA Stealer targets sensitive data in users' browsers: Here's how to stay safe!
- How to detect and remove malware Agent Smith on Android
- BadBox Malware Is Picking Up Speed, Targeting Certain Android Devices
- Mars Stealer - dangerous malware that silently steals cryptocurrency
- What should users do when their iPhone is attacked by malware?