New malware targets Windows 64-bit
According to Kaspersky Lab, rootkit writers have begun exploiting a vulnerability to bypass PatchGuard protection built into 64-bit versions of Windows.
The attackers use the widely deployed BlackHole Exploit Kit, which exploits specific software vulnerabilities, as the first stage of the attack. A downloader then fetches the malware onto the system through two common vulnerabilities, one in Java and one in Adobe Reader.
On 64-bit Windows systems compromised by these exploits, the 64-bit rootkit, named Rootkit.Win64.Necurs.a, runs the command 'bcdedit.exe -set TESTSIGNING ON'. Normally this is a developer command used to test drivers during development.
Malware writers abuse this setting so that Windows PatchGuard no longer blocks the rootkit driver from loading. Once loaded, the rootkit is able to block the loading of anti-virus software that could detect and remove it.
Windows PatchGuard - officially known as Kernel Patch Protection (KPP) - is a design feature of 64-bit versions of Windows (including XP, Vista, Windows 7 and Windows Server) intended to prevent malware from modifying the operating system at the highest privilege level.
According to Kaspersky researcher Vyacheslav Zakorzhevsky, the malware also tried to download Hoax.OSX.Defma.f, a fake antivirus program aimed at Mac OS X users that cannot run on Windows. This underscores the concern that Macs are no longer safe now that malware operates across multiple platforms.
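The rootkit's only visible change to the system before reboot is the boot-configuration option it sets with bcdedit. A defender can therefore audit that state directly. The following Python script is an added example, not code from the article or from Kaspersky: it parses the text that `bcdedit /enum` prints (the key/value layout shown in the constructed sample below) and flags any boot entry where driver-signature enforcement has been weakened. The article names only `testsigning`; `nointegritychecks` is a related real BCD option included here as an assumption about what an auditor would also want to see.

```python
"""Audit Windows boot entries for weakened driver-signature enforcement.

The article describes a rootkit running 'bcdedit.exe -set TESTSIGNING ON'.
This added example parses `bcdedit /enum` output and reports entries where
that option (or the related nointegritychecks option) is switched on.
"""
import re
import subprocess
import sys

# Boot options that relax driver-signing checks. Only testsigning is named in
# the article; nointegritychecks is added here as a related option to audit.
WEAK_BOOT_OPTIONS = ("testsigning", "nointegritychecks")


def parse_bcd_entries(text: str) -> list:
    """Split `bcdedit /enum` text into one dict per boot entry.

    Each entry keeps its section header under "_type" and every
    'key   value' line under the lower-cased key.
    """
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:  # blank line or '-----' underline
            continue
        m = re.match(r"^(\S+)\s{2,}(.*)$", line)  # 'identifier   {current}'
        if m and current is not None:
            current[m.group(1).lower()] = m.group(2).strip()
        else:  # a header such as 'Windows Boot Loader' starts a new entry
            current = {"_type": line}
            entries.append(current)
    return entries


def find_weak_signing(entries: list) -> list:
    """Return (identifier, option, value) for every option that is enabled."""
    findings = []
    for entry in entries:
        ident = entry.get("identifier", "<unknown>")
        for opt in WEAK_BOOT_OPTIONS:
            value = entry.get(opt, "No")
            if value.lower() == "yes":
                findings.append((ident, opt, value))
    return findings


def live_check() -> list:
    """Run bcdedit on a Windows host (needs an elevated prompt) and audit it."""
    if sys.platform != "win32":
        raise RuntimeError("bcdedit is only available on Windows")
    out = subprocess.run(["bcdedit", "/enum"], capture_output=True,
                         text=True, check=True).stdout
    return find_weak_signing(parse_bcd_entries(out))


# Constructed sample output: the shape bcdedit prints, with the option the
# rootkit sets visible on the {current} loader entry.
SAMPLE_INFECTED = """\
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\\Device\\HarddiskVolume1
description             Windows Boot Manager

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \\Windows\\system32\\winload.exe
description             Windows 7
testsigning             Yes
"""

# Constructed sample of a clean entry: the option is simply absent.
SAMPLE_CLEAN = """\
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \\Windows\\system32\\winload.exe
description             Windows 7
"""

if __name__ == "__main__":
    for name, sample in (("infected", SAMPLE_INFECTED), ("clean", SAMPLE_CLEAN)):
        hits = find_weak_signing(parse_bcd_entries(sample))
        print(f"{name}: {hits if hits else 'no weakened signing options'}")
```

The bcdedit change only takes effect at the next boot, so auditing the live boot configuration catches the modification before the rootkit driver is ever loaded; `live_check()` must be run from an elevated prompt because `bcdedit` refuses to enumerate the store otherwise.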