[ Majestic @ 16.11.2010. 08:55 ] @
http://www.theregister.co.uk/2...l_rootkit_does_64_bit_windows/

Quote:
According to research published on Monday by GFI Software, the latest TDL4 installation penetrates 64-bit versions
of Windows by bypassing the OS's kernel mode code signing policy, which is designed to allow drivers to be installed only when
they have been digitally signed by a trusted source. The rootkit achieves this feat by attaching itself to the master boot record
in a hard drive's bowels and changing the machine's boot options.


Instead of finally breaking with illiterate and incompetent driver programmers, they are back to the old ways again.

Anti-theft doors are no use to you when the key is under the doormat.
And the move to x64 was such a good opportunity to sacrifice compatibility in favor of security....
[ Impaler @ 16.11.2010. 09:16 ] @
Is that the pagefile attack that was known about even before Vista came out?

Basically, there is an attack that allows loading unsigned drivers if certain parts of the disk are overwritten,
and that writing is made possible by some other legitimate signed driver that has that function (without necessarily having a security vuln in it).
[ Majestic @ 16.11.2010. 09:26 ] @
Quote:
Impaler: Is that the pagefile attack that was known about even before Vista came out?

Basically, there is an attack that allows loading unsigned drivers if certain parts of the disk are overwritten,
and that writing is made possible by some other legitimate signed driver that has that function (without necessarily having a security vuln in it).


http://www.prevx.com/blog/155/x-TDL-rootkit--follow-up.html