64 bit rootkits

Discussion in 'malware problems & news' started by wutsup, Sep 23, 2009.

Thread Status:
Not open for further replies.
  1. wutsup

    wutsup Registered Member

    Joined:
    Sep 20, 2009
    Posts:
    630
    Location:
    United States
    Hey Wilders, I heard that 64-bit operating systems (i.e. Vista 64-bit / XP 64-bit / W7 64-bit) can't get rootkits. Is this true?
     
  2. lordpake

    lordpake Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    563
    Location:
    Helsinki ~ European Union
    I am not familiar with the underlying architecture myself, however I can say this: it currently is not worth the trouble to write rootkits for a system which does not enjoy widespread use.


    You want the most bang for your buck, therefore malware writers currently tend to write their code for systems which enjoy widespread usage (such as 32bit Windows versions). More potential victims that way :)
     
  3. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    watsup watsup

    Not true! Maybe not as easy as with previous OSes, but not impossible. As more people use x64, the more the bad guys will try and find ways in. They have to, as there's so much money to be made.

    Not only that, but keyloggers etc. will need to be able to be installed somehow, by those who feel the need, whether for good or otherwise. And what about .GOV etc. agencies that want to infiltrate people's PCs? They too will have to find ways in!

    Have a look in here -

    https://www.wilderssecurity.com/showthread.php?t=251307
     
  4. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    They can, yes. x64 doesn't protect you from malware or rootkits; the driver would have to be signed, or it would have to be userland.
     
  5. wutsup

    wutsup Registered Member

    Joined:
    Sep 20, 2009
    Posts:
    630
    Location:
    United States
    Just out of curiosity and paranoia, what are the symptoms of a well hidden rootkit (i.e. kernel)?
     
  6. lordpake

    lordpake Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    563
    Location:
    Helsinki ~ European Union
    There are none :) (just to increase your level of paranoia).


    The only way to detect such would be to boot via another OS (for example, some Live CD) and scan the disks while the suspect OS is not running :D That way the rootkit can't hide itself.
     
  7. wutsup

    wutsup Registered Member

    Joined:
    Sep 20, 2009
    Posts:
    630
    Location:
    United States
    So, like using a rescue CD from Avira, which is based on the Linux operating system?
     
  8. lordpake

    lordpake Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    563
    Location:
    Helsinki ~ European Union
    Probably.

    One possible way to find the rootkit would be to have a file listing of the system done both in Windows and in the Live CD and compare the results. If Windows is compromised, there should be additional files in the Live CD list that do not appear in the Windows list.
     
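The cross-view comparison described in the post above, as an added example that is not from the original thread: a small Python script that takes a listing made inside Windows (`dir C:\ /s /b /a-d > online.txt`) and one made from a Linux live CD with the same volume mounted read-only at /mnt/win (`find /mnt/win -type f > offline.txt`), normalises both to the same drive-relative, lower-case form, and reports the paths the offline view sees but the running OS does not. The two listings, the file names in them, the drive letter and the mount point are all constructed for the example.

```python
"""Cross-view file-listing diff.

One listing is taken from inside the suspect Windows install, the other
from a live CD that mounted the same NTFS volume while Windows was not
running.  Anything the offline view sees but the online view does not is a
candidate for something that hides itself from the running OS.

Both listings, the file names in them, the drive letter and the mount point
are constructed for this example.
"""

# Constructed: what `dir C:\ /s /b /a-d > online.txt` might produce inside
# Windows (/a-d lists files of every attribute, hidden and system included,
# but no directories, to match `find -type f` below).
ONLINE_LISTING = r"""
C:\Windows\System32\ntoskrnl.exe
C:\Windows\System32\drivers\tcpip.sys
C:\Windows\System32\rundll32.exe
C:\Users\Public\readme.txt
C:\pagefile.sys
"""

# Constructed: what `find /mnt/win -type f > offline.txt` might produce on a
# Linux live CD with the same volume mounted read-only at /mnt/win.
OFFLINE_LISTING = """
/mnt/win/Windows/System32/ntoskrnl.exe
/mnt/win/Windows/System32/drivers/tcpip.sys
/mnt/win/Windows/System32/drivers/hidden_example.sys
/mnt/win/Windows/System32/rundll32.exe
/mnt/win/Windows/Temp/dropped_example.dll
/mnt/win/Users/Public/readme.txt
/mnt/win/pagefile.sys
"""


def normalize_online(lines, drive="C:"):
    """Windows paths -> lower-case, forward-slash, drive-relative paths.

    NTFS is case-insensitive, so lower-casing avoids false differences that
    are only a matter of case between the two tools.
    """
    paths = set()
    for line in lines:
        line = line.strip()
        if not line or line[:2].upper() != drive.upper():
            continue  # blank line, or a file on another volume
        rel = line[2:].replace("\\", "/").lstrip("/")
        paths.add(rel.lower())
    return paths


def normalize_offline(lines, mount="/mnt/win"):
    """Live-CD paths -> the same mount-relative form as normalize_online."""
    prefix = mount.rstrip("/") + "/"
    paths = set()
    for line in lines:
        line = line.strip()
        if not line.startswith(prefix):
            continue  # blank line, or a file outside the mounted volume
        paths.add(line[len(prefix):].lower())
    return paths


def cross_view_diff(online_text, offline_text, drive="C:", mount="/mnt/win"):
    """Return both one-sided differences between the two views."""
    online = normalize_online(online_text.splitlines(), drive)
    offline = normalize_offline(offline_text.splitlines(), mount)
    return {
        # Seen offline but invisible to the running OS: the interesting set.
        "hidden_from_windows": sorted(offline - online),
        # Seen online only: normally empty.  If it is not, the listings were
        # probably not of the same volume, or the online listing followed
        # junctions/reparse points that the offline one did not.
        "only_in_windows": sorted(online - offline),
    }


if __name__ == "__main__":
    import sys

    if len(sys.argv) == 3:  # python3 crossview.py online.txt offline.txt
        with open(sys.argv[1], encoding="utf-8", errors="replace") as f:
            online_text = f.read()
        with open(sys.argv[2], encoding="utf-8", errors="replace") as f:
            offline_text = f.read()
    else:
        online_text, offline_text = ONLINE_LISTING, OFFLINE_LISTING

    for key, paths in cross_view_diff(online_text, offline_text).items():
        print(f"{key}: {len(paths)}")
        for p in paths:
            print("   ", p)
```

Two caveats worth keeping in mind when using this: the comparison only catches a rootkit that hides by filtering what the running OS reports for directory listings, so a file that is simply dropped in plain sight with an innocuous name will not stand out, and a non-empty `only_in_windows` set is a sign that the two listings were not taken of the same volume in the same way, not a sign of infection.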
  9. wutsup

    wutsup Registered Member

    Joined:
    Sep 20, 2009
    Posts:
    630
    Location:
    United States
    Well, it's not really a live CD. It's more of a boot-up antivirus scanner that runs before loading Windows. But wouldn't that be similar?
     
  10. lordpake

    lordpake Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    563
    Location:
    Helsinki ~ European Union
    In that scenario it then depends on whether or not the AV knows the rootkit, i.e. has definitions for it.
     
  11. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    It depends on what the OS allows. If the OS allows loading of third-party, non-digitally-signed kernel drivers on the fly, then with properly written code for the kernel (right arch, version), you can have your "rootkit" installed, on any OS.

    Cheers,
    Mrk
     
  12. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Digitally signed drivers are not that hard to create by 'professional' malware authors ?
     
  13. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Only if you can create a binary that has the exact same hash as the one approved by Microsoft ...
    Mrk
     
  14. mjau

    mjau Registered Member

    Joined:
    Jan 11, 2009
    Posts:
    30
    I'm running Win7 RTM 64-bit, and I received a hijacker or something.

    I search Google, open a link and it redirects me to shop sites and fresh-weather.com.

    I ran Malwarebytes, which didn't find anything; NOD32 didn't find anything either.
    I tried a lot of antivirus programs, then I tried Prevx, which found 2 things: one was a registry entry and the other one was sysmap3D.dll, which was run in rundll.exe. I couldn't delete the files or anything, so I tried hijacker and removed it with that. So far so good. I also used Sophos Anti-Rootkit, which found 5 things, also removed.

    Anyone know about fresh-weather.com?
     
  15. lordpake

    lordpake Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    563
    Location:
    Helsinki ~ European Union