(FakeAV) Win 8 Security System and its Rootkit

Discussion in 'malware problems & news' started by FanJ, Aug 31, 2012.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
  2. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Hmmm, I'm pretty sure tons of people will get infected.
    Looks pretty legit for inexperienced users. :D
     
  3. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,416
    Yeah, sadly they will. Where did this come from? Must be a fairly popular file download site.
     
  4. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Interestingly, the CERT was issued by www.rapidssl.com


    which is listed in WhoIs etc as owned by,

    :eek:

    I used the online contact form to alert them. Let's see if they respond, and how quickly.
     
  5. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    No doubt about it. I just hope they're smart enough not to whip out the credit card so fast, but I imagine a lot will go into panic mode and will though.
     
  6. SLE

    SLE Registered Member

    Joined:
    Jun 30, 2011
    Posts:
    361
    For the dropper, the detection is not as bad as for the installed rootkit driver which is mentioned in the blog. ~ VirusTotal Results Removed per Policy ~

    Besides that, a good behaviour blocker will do the trick; short tests showed no problems for the BBs of EAM and GDATA.
     
    Last edited by a moderator: Sep 1, 2012
  7. Brandonn2010

    Brandonn2010 Registered Member

    Joined:
    Jan 10, 2011
    Posts:
    1,849
    "The malware installs a different driver on computers running 64-bit Windows and disables 64-bit kernel-mode driver signing on these machines."

    So it bypasses PatchGuard? Wow. Maybe Ilya could find out how for 64-bit DW :D
     
  8. 3x0gR13N

    3x0gR13N Registered Member

    Joined:
    May 1, 2008
    Posts:
    754
    That's not the preferred way of doing it. ;)

    Malware has been able to install drivers on 64-bit systems for a long time, so nothing new re: 64-bit driver signing and bypassing KPP.
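The quote in post 7 says the 64-bit variant "disables 64-bit kernel-mode driver signing". On x64 Windows the usual way that shows up after the fact is in the Boot Configuration Data: the `testsigning` and `nointegritychecks` boot elements, which a defender can audit with `bcdedit /enum`. The script below is an added example written for this thread; it is not code from the forum, the blog mentioned in post 6, or the malware. It parses a constructed `bcdedit` listing (labelled as such; not captured from an infected host) and flags any boot entry where either element is set to Yes, and it can run the real `bcdedit` on a live Windows host from an elevated prompt. The assumption it makes is only the documented `bcdedit` output layout of one `name<two or more spaces>value` pair per line under each entry title.

```python
"""Audit bcdedit output for boot elements that weaken 64-bit kernel driver
signature enforcement (added example, not from the original thread)."""
import re
import subprocess

# Constructed sample of `bcdedit /enum all` output for illustration only;
# it was not captured from a real or infected machine.
SAMPLE_BCDEDIT_OUTPUT = """\
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
default                 {current}

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \\Windows\\system32\\winload.exe
description             Windows 8
locale                  en-US
inherit                 {bootloadersettings}
testsigning             Yes
nointegritychecks       Yes
osdevice                partition=C:
systemroot              \\Windows
nx                      OptIn
"""

# Boot elements whose "Yes" value relaxes kernel-mode code signing on x64.
WEAKENING_SETTINGS = {
    "testsigning": "test-signed kernel drivers are allowed to load",
    "nointegritychecks": "kernel-mode code integrity checks are disabled",
}

# An element line is "name", at least two spaces, then the value.
ELEMENT_RE = re.compile(r"^(\S+)\s{2,}(.+?)\s*$")


def parse_bcd_entries(text):
    """Split bcdedit output into entries: one dict per boot entry, keyed by
    lowercase element name, with the entry title stored under "_type"."""
    entries = []
    current = None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or set(stripped) == {"-"}:
            continue  # blank line or the dashed underline below a title
        match = ELEMENT_RE.match(line)
        if match is None:
            # Titles such as "Windows Boot Loader" use single spaces, so
            # they never match the element pattern and start a new entry.
            current = {"_type": stripped}
            entries.append(current)
            continue
        if current is None:
            current = {"_type": "unknown"}
            entries.append(current)
        current[match.group(1).lower()] = match.group(2)
    return entries


def find_weakened_entries(text):
    """Return (identifier, setting, reason) for every entry that has one of
    the signing-related elements set to Yes."""
    findings = []
    for entry in parse_bcd_entries(text):
        ident = entry.get("identifier", "?")
        for setting, reason in WEAKENING_SETTINGS.items():
            if entry.get(setting, "").strip().lower() == "yes":
                findings.append((ident, setting, reason))
    return findings


def check_live_host():
    """Run bcdedit on this Windows host (elevated prompt required) and
    return the findings for its real boot configuration."""
    result = subprocess.run(["bcdedit", "/enum", "all"],
                            capture_output=True, text=True, check=True)
    return find_weakened_entries(result.stdout)


if __name__ == "__main__":
    for ident, setting, reason in find_weakened_entries(SAMPLE_BCDEDIT_OUTPUT):
        print(f"{ident}: {setting}=Yes ({reason})")
```

A clean machine produces no findings; either element showing Yes on a machine whose owner never enabled test signing deserves the same attention as the dropped driver itself, and the check belongs in the post-cleanup list alongside removing the driver file and its service, since leaving the elements set lets any later unsigned driver load just as easily. Note that this is distinct from KPP/PatchGuard, which 3x0gR13N points out is a separate mechanism.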
     