The Alureon rootkit is back and has acquired the ability to hijack computers running 64-bit versions of Microsoft Windows, says Marco Giuliani, a security researcher with security company Prevx.
“The rootkit needs administrative privileges to infect the Master Boot Record. Even then, it still cannot load its own 64-bit compatible driver because of Windows’s kernel security. So, the dropper forces Windows to immediately restart. This way, the patched MBR can do the dirty work,” says Giuliani.
Giuliani also points out that this is not the first rootkit able to get past those security roadblocks – a bootkit named Whistler was spotted being offered for sale on various underground markets some time ago – but this is the first time that the use of such a rootkit has been detected in the wild. According to him, the era of x64 rootkits has officially dawned.
More details: http://www.prevx.com/blog/154/TDL-rootkit-x-goes-in-the-wild.html









