LigH
6th December 2010, 16:15
Alureon / TDL is able to deactivate driver signature checks and to circumvent the Kernel PatchGuard by bending API calls during the boot process. It just needs Administrator rights once for MBR access.
Source: heise Security News (German (http://www.heise.de/security/meldung/Rootkit-hebelt-Kernel-Schutz-und-Treibersignierung-von-64-Bit-Windows-aus-1137047.html) / English (http://www.h-online.com/news/item/Rootkit-able-to-bypass-kernel-protection-and-driver-signing-in-64-bit-Windows-1137225.html))
__
64 bit Windows may be harder to break ... but is still Windows, and therefore still the first target.