
Kaspersky Lab Exposes Dangerous Rootkit Targeting 64bit Windows Systems

Published Jun 5, 2011

Kaspersky Lab, a leading developer of secure content and threat management solutions, announces the detection of multi-purpose rootkits capable of posing a threat to both 32-bit and 64-bit Windows systems. The key feature of the 64-bit rootkit is that it does not try to bypass the PatchGuard kernel protection system, but uses a special digital signature intended for software developers instead. The rootkit is distributed via a downloader, which also tries to install other malicious software. Kaspersky Lab’s experts found one variant which attempts to download and install so-called rogue or fake antivirus software for the Mac OS X operating system, along with other malware. Although this malware would obviously not work in a Windows environment, it indicates the cybercriminals’ growing interest in alternative software platforms.

Rootkits are malicious programs that usually exist in the form of drivers, run at the kernel level of an operating system and load when the system boots. This makes rootkits difficult to detect using standard protection tools. The rootkits in question are propagated via a downloader, which uses a pack of exploits called “BlackHole Exploit Kit”. Typically, users’ computers are infected by visiting websites containing the downloader. A number of vulnerabilities in common software such as the Java Runtime Environment and Adobe Reader are used to attack the target machine. The downloader is used to infect both 32-bit and 64-bit Windows systems with one of the two corresponding rootkits.

“The 64-bit driver is signed with something called a ‘testing digital signature’. If Windows Vista and higher were to be booted in ‘TESTSIGNING’ mode, the applications can launch the drivers signed with such a signature. This is a special trap door which Microsoft has left for driver developers so they can test their creations. Cybercriminals have also made use of this loophole, which allows them to launch their drivers without a legitimate signature,” explains Alexander Gostev, Chief Security Expert at Kaspersky Lab. “This is another example of a rootkit which does not need to bypass the PatchGuard protection system included in the latest Windows x64 systems.”
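The practical question for a defender reading this is whether a given machine is booting with TESTSIGNING enabled, since that is the only condition under which a test-signed driver loads on x64 Windows. The PowerShell script below is an added example for this page, not code from Kaspersky Lab or from the release; it assumes it runs from an elevated prompt on Windows Vista or later, that bcdedit.exe is on the path, and that the driver paths reported by Win32_SystemDriver resolve to files on disk. It reports the TESTSIGNING state of the current boot entry and lists registered kernel drivers whose Authenticode signature does not verify as Valid, which is the review list an administrator would work through after reading the quote above.

```powershell
# Added defensive audit (not from the press release): report whether the boot
# configuration has TESTSIGNING enabled and list registered kernel drivers
# whose Authenticode signature does not verify as Valid. Run elevated.

function Test-TestSigningEnabled {
    # bcdedit prints a "testsigning   Yes" line when the option is set on the
    # current boot entry; no such line, or "No", means it is off.
    $bcd = & bcdedit.exe /enum '{current}' 2>$null
    return [bool]($bcd | Select-String -Pattern '^\s*testsigning\s+Yes\s*$' -Quiet)
}

function Get-UnverifiedSystemDrivers {
    # Win32_SystemDriver lists kernel-mode drivers registered as services.
    # PathName may be empty, or carry the \??\ or \SystemRoot\ NT prefixes
    # (assumption: those are the only prefixes that need normalising here).
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName } |
        ForEach-Object {
            $path = $_.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
            if (Test-Path -LiteralPath $path) {
                $sig = Get-AuthenticodeSignature -LiteralPath $path
                # Anything other than Valid (NotSigned, HashMismatch, UnknownError
                # for an untrusted test certificate, ...) goes on the review list.
                if ($sig.Status -ne 'Valid') {
                    [pscustomobject]@{
                        Name   = $_.Name
                        State  = $_.State
                        Path   = $path
                        Status = $sig.Status
                        Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                    }
                }
            }
        }
}

if (Test-TestSigningEnabled) {
    Write-Warning 'TESTSIGNING is enabled on the current boot entry: test-signed drivers will load. Clear it with: bcdedit /set testsigning off (reboot required).'
} else {
    Write-Output 'TESTSIGNING is off on the current boot entry.'
}

Write-Output 'Registered drivers whose signature does not verify as Valid:'
Get-UnverifiedSystemDrivers | Format-Table -AutoSize
```

The signature listing is a review aid rather than a rootkit detector: a driver that hides its own service entry will not appear in Win32_SystemDriver, so the TESTSIGNING check is the part to alert on, and a production machine should never report it enabled.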

Both rootkits have similar functionality. They block users’ attempts to install or run popular anti-malware programs and effectively protect themselves by intercepting and monitoring system activity. While the rootkit leaves the PC vulnerable to attacks, the downloader tries to obtain and execute malicious code, including the above-mentioned rogue AV for Mac OS X. This fake antivirus is known as Hoax.OSX.Defma.f and is one of the emerging threats for Mac OS X, which is increasingly being targeted by cybercriminals.

This example shows that malicious software is growing more sophisticated and is starting to include various components that serve individual purposes. These threats may target various versions of operating systems or even different software platforms.

Kaspersky Lab’s products are capable of successfully detecting and remediating the Trojan-Downloader.Win32.Necurs.a downloader and its corresponding rootkits Rootkit.Win32.Necurs.a / Rootkit.Win64.Necurs.a.

About Kaspersky Lab:

Kaspersky Lab is the largest antivirus company in Europe. It delivers some of the world’s most immediate protection against IT security threats, including viruses, spyware, crimeware, hackers, phishing, and spam. The company is ranked among the world’s top four vendors of security solutions for endpoint users. Kaspersky Lab products provide superior detection rates and one of the industry’s fastest outbreak response times for home users, SMBs, large enterprises and the mobile computing environment. Kaspersky® technology is also used worldwide inside the products and services of the industry’s leading IT security solution providers.

For more information:

Cynthia Darwish
Account Manager
GolinHarris
T: +971 50216 3352

Sousie Babekian
Account Executive
GolinHarris
T: +971 50 5950735
