64 bit rootkits

hey wilders, i heard that 64 bit operation systems(i.e. vista 64bit/xp 64 bit/W7 64bit cant get rootkits. is this true?

 

I am not familiar with the underlying architechture myself, however I can say this: It currently is not worth the trouble to write rootkits for system which does not enjoy widespread use.


You want the most bang for your buck, therefore malware writers currently tend to write their code for systems which enjoy widespread usage (such as 32bit Windows versions). More potential victims that way

 

watsup watsup

Not true ! Maybe not as easy as with previous OS's, but not impossible. As more people use x64 then the more the bad guys will try and find ways in. They have to as there's so much money to be made.

Not only that, but keyloggers etc etc will need to be able to be installed somehow, by those who feel the need, whether for good or otherwise. And what about .GOV etc agencies that want to infiltrate peoples PC's, they too will have to find ways in !

Have a look in here -

https://www.wilderssecurity.com/showthread.php?t=251307

 

They can yes. x64 doesn't protect you from malware, rootkits, the driver would have to be signed or userland.

 

just out of curiosity and paranoia, what are the symptoms of a well hidden rootkit (i.e. kernel)?

 

There are none (just to increase your level of paranoia).


The only way to detect such would be to boot via another OS (for example, some Live CD) and scan the discs while the suspect OS is not running that way the rootkit can't hide itself.

 

so like using a rescue cd from avira which is based off the linux operating system?

 

Probably.

One possible way to find the rootkit would be to have file listing for the system done both in Windows and in Live CD and compare the results. If Windows is compromised there should be additional files in Live CD list that do not appear in Windows list.

 

well its not really a live cd. its more of a boot up antivurus scanner before loading up windows. but wouldnt that be simliar?

 

In that scenario it then depends on whether or not the AV knows the rootkit, ie. has definitions for it.

 

Depends what the OS allows. If the OS allows loading of third-party, non-digitally-signed kernel drivers on the fly, then with properly written code for the kernel (right arch, version), you can have your "rootkit" installed, on any OS.

Cheers,
Mrk

 

Digitally signed drivers are not that hard to create by 'professional' malware authors ?

 

Only if you can create a binary that has the exact same hash as the one approved by Microsoft ...
Mrk

 

Im running Win7 RTM 64bits, i recived a hijacker or something.

I search google open a link and i redirects me to like shop sites and fresh-weather.com

I ran malwarebytes dident find anything, nod32 dident find any thing.
I tried alot of antivirus, then i tried prevx witch found 2 files one was a register entry and the other one was sysmap3D.dll witch was ran in rundll.exe Couldent delete the files or anything, so tried hijacker and remove it with that, so far so good, i also used sophos antirootkit witch found 5 stuff also removed.

Anyone know about fresh-weather.com?

 

Always worth checking WOT and SiteAdvisor (especially the user comments here from experienced reviewers).

http://www.siteadvisor.com/sites/fresh-weather.com
http://www.mywot.com/en/scorecard/fresh-weather.com

Fresh-weather seems to distribute adware.