New Rootkit Bypasses Windows Code-Signing Security

system · November 16, 2010, 7:50pm

Can avast! free protect against this:

“In recent versions of Windows, specifically Vista and Windows 7, Microsoft has introduced a number of new security features designed to prevent malicious code from running. But attackers are continually finding new ways around those protections, and the latest example is a rootkit that can bypass the Windows driver-signing protection.”

http://threatpost.com/en_us/blogs/tdl4-rootkit-bypasses-windows-code-signing-protection-111610

system · November 16, 2010, 8:19pm

If they detect the dropper, yes. Avast cannot detect/remove it if it gets installed though. Use TDSS Killer for that.

Pondus · November 16, 2010, 8:31pm

impossible to say since this is not one bug and new variations are released

so unless you have a specific sample you can upload to virustotal or md5 you can search for… ???

system · November 16, 2010, 8:54pm

oopps!! to much for that

system · November 17, 2010, 8:07am

Huh ???

Asyn · November 17, 2010, 8:16am

http://forum.avast.com/index.php?topic=52252.msg558844#msg558844
asyn

system · November 17, 2010, 8:37am

Thanks Asyn. This is where this post should have been in the “Security & Warning Notices” section of the General Category of the forum.

New Rootkit Bypasses Windows Code-Signing Security

Announcements