{"id":2995,"date":"2010-11-17T07:09:53","date_gmt":"2010-11-17T07:09:53","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=2995"},"modified":"2015-09-09T19:37:23","modified_gmt":"2015-09-09T11:37:23","slug":"tdl-aka-alureon-rootkit-now-infecting-64-bit-windows-7-platform","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2010\/11\/tdl-aka-alureon-rootkit-now-infecting-64-bit-windows-7-platform\/","title":{"rendered":"TDL AKA Alureon Rootkit Now Infecting 64-Bit Windows 7 Platform"},"content":{"rendered":"
<p>As we've come to expect, the malware guys are always at the leading edge of technological development. Now there are rootkits infecting 64-bit versions of Windows, which have been thought of as fairly safe by most parties.<\/p>\n<p>The rootkit in question is a fairly well known variant (TDL\/Alureon) and has been around for several years, but according to Prevx it's been hitting x64 installs of Windows 7 since August this year.<\/p>\n<p>It uses an oldskool method to circumvent the Windows security measures, the MBR (Master Boot Record) – haven't seen any malware using that for quite some time.<\/p>\n<blockquote><p>A notorious rootkit that for years has ravaged 32-bit versions of Windows has begun claiming 64-bit versions of the Microsoft operating system as well.<\/p>\n<p>The ability of TDL, aka Alureon, to infect 64-bit versions of Windows 7 is something of a coup for its creators, because Microsoft endowed the OS with enhanced security safeguards that were intended to block such attacks. The rootkit crossed into the 64-bit realm sometime in August, according to security firm Prevx.<\/p>\n<p>According to research published on Monday by GFI Software, the latest TDL4 installation penetrates 64-bit versions of Windows by bypassing the OS's kernel mode code signing policy, which is designed to allow drivers to be installed only when they have been digitally signed by a trusted source. The rootkit achieves this feat by attaching itself to the master boot record in a hard drive's bowels and changing the machine's boot options.<\/p><\/blockquote>\n