New malware targets Windows 64-bit
According to Kaspersky Lab, rootkit writers have begun exploiting a vulnerability to bypass PatchGuard protection built into 64-bit versions of Windows.
The attackers used the highly successful BlackHole Exploit Kit, which exploits specific software vulnerabilities, as the first element of the attack. Next, a downloader pulls malware onto the system through two common flaws in Java and Adobe Reader software.
On 64-bit Windows systems exposed to these exploits, the 64-bit rootkit, named Rootkit.Win64.Necurs.a, executes the command 'bcdedit.exe -set TESTSIGNING ON'. This command is normally used by programmers to test drivers during development.
Malware writers abuse it to keep Windows PatchGuard from blocking the loading of rootkit drivers. Once loaded, the rootkit can prevent anti-virus software that could detect and remove it from loading correctly.
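Because the change is made with an ordinary command line, it can be spotted in process-creation logs. The following Python check is an added example, not code from Kaspersky or from the original article; the event fields, host names, parent processes and the boolean spellings other than ON are constructed assumptions.

```python
import re

# Matches a bcdedit invocation that switches the TESTSIGNING boot option on.
TESTSIGNING_ON = re.compile(r"""
    (?:^|[\\/\s"'])bcdedit(?:\.exe)?["']?\s+   # tool name, bare or behind a path/quote
    (?:.*?\s)?[-/]set\s+                        # "-set" or "/set", after any other switches
    (?:\{[^}]+\}\s+)?                           # optional entry id such as {current}
    testsigning\s+(?:on|yes|true|1)\b           # spellings other than ON are an assumption
""", re.IGNORECASE | re.VERBOSE)

# Constructed process-creation records (not real telemetry).
EVENTS = [
    {"host": "ws-01", "parent": "java.exe",
     "cmd": "bcdedit.exe -set TESTSIGNING ON"},
    {"host": "ws-02", "parent": "cmd.exe",
     "cmd": r'"C:\Windows\System32\bcdedit.exe" /set {current} testsigning on'},
    {"host": "ws-03", "parent": "AcroRd32.exe",
     "cmd": 'cmd.exe /c "bcdedit -set testsigning on"'},
    {"host": "dev-07", "parent": "powershell.exe",
     "cmd": "bcdedit.exe /set testsigning off"},      # turning it off is not a hit
    {"host": "ws-04", "parent": "explorer.exe",
     "cmd": "bcdedit /enum {current}"},               # read-only query
    {"host": "ws-05", "parent": "cmd.exe",
     "cmd": "notbcdedit.exe -set testsigning on"},    # different binary name
]


def find_testsigning_changes(events, dev_hosts=frozenset()):
    """Return (host, parent, cmd) for every event that enables test signing.

    dev_hosts is a hypothetical allow-list of driver-development machines
    where the setting is expected and should not raise an alert.
    """
    hits = []
    for ev in events:
        if ev["host"] in dev_hosts:
            continue
        if TESTSIGNING_ON.search(ev["cmd"]):
            hits.append((ev["host"], ev["parent"], ev["cmd"]))
    return hits


if __name__ == "__main__":
    for host, parent, cmd in find_testsigning_changes(EVENTS):
        print(f"ALERT {host}: test signing enabled by child of {parent}: {cmd}")
```

A hit whose parent process is a browser plug-in host or document reader rather than an administrator's shell deserves the quickest follow-up.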
Windows PatchGuard - officially known as Kernel Patch Protection (KPP) - is a feature of 64-bit versions of Windows (including XP, Vista, Windows 7 and Windows Server) designed to prevent malware from damaging the operating system at the highest privilege level.
According to researcher Vyacheslav Zakorzhevsky of Kaspersky, the malware also tried to download Hoax.OSX.Defma.f, a fake antivirus program that is aimed at Mac OS X users and cannot run on Windows. This underscores the concern that Macs are no longer safe now that malware can operate on multiple platforms.