Seems to be quite a sophisticated attack on Windows. However, shouldn't Windows get some type of protection method against malicious rootkit drivers? Perhaps some type of hypervisor that runs on top. Actually, certain third party security companies like McAfee/Intel actually tried this back in 2008, but perhaps this stuff should be built-in or even hardware based. https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-backdoor-espionage
Just wondering... this \\.\Tcp4. Is it related to Windows network settings TCP/IPv4? If I disable IPv4 and reconfigure my LAN to only use IPv6, does this Daxin still work?
No, I don't think so; they simply register this device, which is named Tcp4. Of course, keep in mind that this malware is not geared to home user PCs, but it's still a bit shocking to see how creative these hackers are when it comes to trying to evade security tools. What I don't understand is why operating systems like Windows even offer all of these options that are mostly used by malware and not legitimate software.