“A new era has officially dawned; the era of x64 rootkits,” said Prevx researcher Marco Giuliani in a post to the company’s blog August 26th. “The infection is spreading on the Web, by using both porn Web sites and exploit kits.”
A previous version of the rootkit “Alureon/TDL3/TDSS” caused serious problems earlier this year after Microsoft security update MS10-015 left 32-bit Windows machines in an unbootable state.
BSOD after MS10-015? TDL3 authors “apologize”
Certifiedbug:
MS10-015 Issues
Update – MS10-015 Issues
Alureon Rootkit and MS10-015 Issues
MS10-015 security update re-released
“To bypass both Kernel Patch Protection and Driver Signature verification, the rootkit is patching the hard drive’s master boot record so that it can intercept Windows startup routines, own it, and load its driver,” Giuliani said.
Prevx: http://www.prevx.com/blog/154/TDL-rootkit-x-goes-in-the-wild.html
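A defender-side illustration of the MBR patching Giuliani describes, added here and not taken from Prevx or the original post: a Python check that hashes the boot-code area of a 512-byte MBR sector and compares it, together with the partition table, against a known-good baseline. The sample sectors, the `BASELINE` record and all function names are constructed for the example, and it assumes the sector was read from an offline disk image.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440        # bytes 0..439: bootstrap code run at startup
PART_TABLE_START = 446     # bytes 446..509: four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511
# status, 3 CHS bytes skipped, type, 3 CHS bytes skipped, LBA start, sector count
ENTRY = struct.Struct("<B3xB3xII")

def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code hash and the used partition entries of an MBR sector."""
    if len(sector) != 512:
        raise ValueError("MBR sector must be exactly 512 bytes")
    if sector[510:] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for off in range(PART_TABLE_START, 510, ENTRY.size):
        status, ptype, lba_start, count = ENTRY.unpack_from(sector, off)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"active": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": partitions}

def check_against_baseline(sector: bytes, baseline: dict) -> list:
    """Return a list of findings; an empty list means the sector matches."""
    current = parse_mbr(sector)
    findings = []
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code differs from baseline")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table differs from baseline")
    return findings

def build_sample_sector(boot_code: bytes) -> bytes:
    """Constructed test data: the given boot code plus one active partition."""
    table = ENTRY.pack(0x80, 0x07, 2048, 204800) + bytes(48)
    return boot_code.ljust(PART_TABLE_START, b"\x00") + table + BOOT_SIGNATURE

# Constructed sectors: same partition table, different bootstrap bytes.
CLEAN = build_sample_sector(b"\x11" * 64)
PATCHED = build_sample_sector(b"\x22" * 64)
BASELINE = parse_mbr(CLEAN)  # in practice, recorded from a trusted install

if __name__ == "__main__":
    print("clean:  ", check_against_baseline(CLEAN, BASELINE))
    print("patched:", check_against_baseline(PATCHED, BASELINE))
```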



