Malware Resurfaces After a Decade in Chinese Cyberespionage Campaign

Discussion in 'malware problems & news' started by itman, Oct 18, 2017.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    https://www.bleepingcomputer.com/ne...-a-decade-in-chinese-cyberespionage-campaign/
     
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    Per the Cylance detailed analysis, this is one nasty bugger with rootkit, backdoor, and driver components using a stolen cert.
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,546
    Location:
    The Netherlands
    The most interesting thing is that even on Windows 64 bit, rootkit drivers can still be dangerous. Hacker's Door could completely bypass the firewall. Too bad that drivers can't be somehow monitored via behavior blockers, because of the way that Windows is designed. :thumbd:
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    This won't work on Win 10 due to enhanced driver signing requirements. The "new" version of the malware is still using the "old" version cert. as noted in the Cylance article:
    For non-Win 10 users, the best strategy is to find the above cert., download it to your cert. CA store, and untrust it.
     
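    The "untrust the stolen cert." advice above, as an added example rather than anything posted by itman or published by Cylance: a PowerShell script that imports the abused signing certificate into the machine-wide Disallowed (Untrusted Certificates) store and then walks every registered kernel driver, checking its Authenticode signature and flagging any whose signer chain contains a distrusted certificate. The certificate file path is a placeholder; no thumbprint or subject from the real campaign is assumed here, so export the certificate from the Cylance write-up (or from the driver's own signature) to a .cer file first. This only affects how Windows and this script evaluate trust; it does not change kernel-mode code-signing enforcement, which is the Win 10 point made above.

```powershell
# Added example (not from the thread or from Cylance): distrust a signing
# certificate, then report which registered kernel drivers chain to it.
# Run from an elevated PowerShell prompt (Windows 8 / Server 2012 or later
# for the PKI module cmdlets).
#Requires -RunAsAdministrator

# PLACEHOLDER path: export the abused certificate to a .cer file first.
$CertFile = 'C:\placeholder\stolen-signing-cert.cer'

# 1. Put the certificate in the LocalMachine Disallowed store. Anything in
#    this store is treated as explicitly distrusted by CryptoAPI consumers.
$distrusted = Import-Certificate -FilePath $CertFile `
    -CertStoreLocation 'Cert:\LocalMachine\Disallowed'
Write-Host "Distrusted: $($distrusted.Subject) [$($distrusted.Thumbprint)]"

# 2. Collect the thumbprints of every certificate in the Disallowed store so
#    the driver check below does not rely on one particular store entry.
$badThumbs = @(Get-ChildItem 'Cert:\LocalMachine\Disallowed' | Select-Object -ExpandProperty Thumbprint)

# Helper: return the thumbprints of the signer certificate and everything it
# chains to. Revocation checking is disabled so this works offline.
function Get-SignerChainThumbprints {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $null = $chain.Build($Cert)          # Build() returns $false on a bad chain; we still inspect it
    $chain.ChainElements | ForEach-Object { $_.Certificate.Thumbprint }
}

# 3. Enumerate registered kernel drivers, verify each file's signature, and
#    flag drivers whose signer chain includes a distrusted certificate.
$report = Get-CimInstance Win32_SystemDriver | ForEach-Object {
    # PathName can be quoted or carry \??\ or \SystemRoot\ prefixes; normalise it.
    $path = $_.PathName -replace '^"|"$', '' `
                        -replace '^\\\?\?\\', '' `
                        -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if (-not (Test-Path -LiteralPath $path)) { return }

    $sig  = Get-AuthenticodeSignature -FilePath $path
    $flag = $false
    if ($sig.SignerCertificate) {
        $chainThumbs = Get-SignerChainThumbprints $sig.SignerCertificate
        $flag = @($chainThumbs | Where-Object { $badThumbs -contains $_ }).Count -gt 0
    }

    [pscustomobject]@{
        Driver     = $_.Name
        State      = $_.State          # Running / Stopped
        Path       = $path
        SigStatus  = $sig.Status       # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Signer     = $sig.SignerCertificate.Subject
        Distrusted = $flag
    }
}

# Show only what deserves a second look: distrusted chains and anything
# that is not a clean 'Valid' signature.
$report | Where-Object { $_.Distrusted -or $_.SigStatus -ne 'Valid' } |
    Format-Table Driver, State, SigStatus, Distrusted, Path -AutoSize
```

    The script cross-checks the chain thumbprints itself rather than relying solely on the `Status` field, because the exact status Windows reports for an explicitly distrusted signer can differ between OS versions; a hit in the `Distrusted` column is the result that matters. Inspecting `Win32_SystemDriver` covers drivers registered as services, which is where a persistent rootkit driver would normally register, but it will not show a driver that was loaded by some other means.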