Windows-crippling patch MS10-015
Hackers behind the rootkit responsible for crippling Windows machines after users installed a Microsoft security patch have updated their malware so that it no longer crashes systems, researchers confirmed today.

Within hours of MS10-015's release, users flooded Microsoft's support forum, reporting that their computers had been incapacitated with a Blue Screen of Death (BSOD). Security researchers said today that the makers of TDSS have updated the rootkit so that it no longer conflicts with MS10-015. Marc Fossi, a manager of development with Symantec's security response team, said his researchers are also digging into the latest update of the rootkit.

The rootkit, which Symantec detects as Tidserv, updates itself via a "phone home" feature, said Fossi. The rootkit's authors had reason to hustle out an update, said Schouwenberg and Fossi, who explained that blue-screened PCs are as worthless to the hackers, who want access to the machines, as they are to their owners.

We have created a Fix it solution that can determine whether a computer is compatible with this security update. For more information, see the corresponding article in the Microsoft Knowledge Base.

Customers outside the United States can visit Microsoft's local support Web page to find local contact numbers. On certain Windows XP-based systems, this security update may be reoffered. This problem occurs because certain binaries are in a "Not Signed" state. To resolve this issue, follow the steps in the "Method 3: Rename the Catroot2 folder" section of the related Microsoft Knowledge Base article.
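The Catroot2 rename that the Knowledge Base method describes, written out as a PowerShell script. This is an added example, not Microsoft's Fix it or the text of the KB article. It assumes an elevated (administrator) session, that the Cryptographic Services service carries its standard short name cryptsvc, and that the name chosen for the backup folder is arbitrary.

```powershell
# Added example: reset the Catroot2 catalog database so the catalogs are
# re-validated and Windows Update stops re-offering the update.
# Run from an elevated PowerShell session.

$catroot2 = Join-Path $env:SystemRoot 'System32\Catroot2'
$backupName = "Catroot2.old_$(Get-Date -Format 'yyyyMMdd_HHmmss')"   # arbitrary backup name

# Cryptographic Services (cryptsvc) holds the catalog database open; the rename
# fails with a sharing violation unless the service is stopped first.
Stop-Service -Name cryptsvc -Force -ErrorAction Stop

try {
    if (Test-Path -LiteralPath $catroot2) {
        Rename-Item -LiteralPath $catroot2 -NewName $backupName -ErrorAction Stop
        Write-Host "Renamed $catroot2 to $backupName"
    } else {
        Write-Host "$catroot2 is not present; nothing to rename"
    }
}
finally {
    # Always bring the service back; Windows recreates Catroot2 on demand.
    Start-Service -Name cryptsvc
}

# Re-run Windows Update afterwards. The old folder can be deleted once the
# update installs cleanly and is no longer re-offered.
```

If the rename still fails with a sharing violation, another service is holding catalog files open; the Windows Update service (wuauserv) is the usual culprit, and stopping it before the rename and starting it again in the finally block resolves that.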

However, after you install the update, the system is secured against the attacks that are described in security bulletin MS10-015. The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time (DST) bias.

Additionally, the dates and times may change when you perform certain operations on the files. GDR service branches contain only those fixes that are widely released to address widespread, critical issues. QFE service branches contain hotfixes in addition to widely released fixes.

In addition to the files that are listed in these tables, this software update also installs an associated security catalog file (KBnumber.cat). Service Pack 1 is integrated into the release version of Windows Server. RTM milestone files have a 6. On the next reboot, the malware code crashed when it attempted to call a specific address in Windows code that was no longer the intended OS function.

These technologies make it possible to detect when integrity checks fail. The different versions of Alureon that we have investigated only infect 32-bit systems and would fail to infect 64-bit systems. That said, it is important to note that running as a standard user instead of using an administrator account is a best practice that in most cases will prevent kernel-mode malware from infecting a system.
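An added PowerShell example, not Microsoft's tooling, that audits on a given machine the three factors this passage names: whether the OS is 64-bit, whether the session has administrator rights, and whether the kernel images and the running kernel-mode drivers still validate under Authenticode. The list of kernel file names is my assumption about what MS10-015 ships; nothing here identifies a particular rootkit.

```powershell
# Added example (not Microsoft's code): audit the conditions the passage singles out.
# Runs on PowerShell 2.0 and later; see the note on catalog signatures below.

function Get-KernelIntegrityReport {
    param(
        # Kernel-mode images to check. This list is an assumption about what
        # MS10-015 updates; compare the reported versions against the bulletin's
        # file tables to see which service branch (GDR or QFE) is installed.
        [string[]]$KernelFiles = @('ntoskrnl.exe', 'ntkrnlpa.exe')
    )

    $sys32 = Join-Path $env:SystemRoot 'System32'

    # 1. OS address width: 64 on a 64-bit OS even when PowerShell itself is a 32-bit process.
    $is64 = (Get-WmiObject Win32_Processor | Select-Object -First 1).AddressWidth -eq 64

    # 2. Administrator rights: loading a kernel-mode driver requires them, which is
    #    why a standard-user session is so much harder to infect at kernel level.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal $identity
    $isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # 3. Authenticode status of the kernel images plus every running kernel driver.
    $targets = @(foreach ($f in $KernelFiles) { Join-Path $sys32 $f })
    $targets += @(Get-WmiObject Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName } |
        ForEach-Object {
            # WMI may report NT object paths such as \??\C:\... or \SystemRoot\...; normalise them.
            ($_.PathName -replace '^\\\?\?\\', '') -replace '^\\SystemRoot', $env:SystemRoot
        })

    $checked = @(foreach ($path in ($targets | Sort-Object -Unique)) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $sig    = Get-AuthenticodeSignature -FilePath $path
        $signer = ''
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        New-Object PSObject -Property @{
            File    = $path
            Version = (Get-Item -LiteralPath $path).VersionInfo.FileVersion
            Status  = [string]$sig.Status
            Signer  = $signer
        }
    })

    New-Object PSObject -Property @{
        Is64Bit    = $is64
        IsAdmin    = $isAdmin
        # HashMismatch: the file carries a signature but its bytes on disk changed.
        # That is what an in-place patch of a system binary looks like.
        Modified   = @($checked | Where-Object { $_.Status -eq 'HashMismatch' })
        # NotSigned: no embedded signature. Older PowerShell versions do not consult
        # the security catalogs most OS files are signed through, so this alone is inconclusive.
        Unverified = @($checked | Where-Object { $_.Status -eq 'NotSigned' })
        Checked    = $checked
    }
}

$r = Get-KernelIntegrityReport
"64-bit OS: $($r.Is64Bit); running as administrator: $($r.IsAdmin); images checked: $($r.Checked.Count)"
if ($r.Modified.Count) {
    'Signed images whose contents no longer match their signature (investigate):'
    $r.Modified | Format-Table File, Version, Status, Signer -AutoSize
}
if ($r.Unverified.Count) {
    'Images without an embedded signature (verify against the security catalogs):'
    $r.Unverified | Format-Table File, Version -AutoSize
}
```

Read the result in two tiers. HashMismatch is the strong signal: a signed file whose bytes changed is exactly what patching a system binary in place produces, so those files deserve an offline scan or comparison against a known-good copy. NotSigned is weak on its own, because on older PowerShell versions Get-AuthenticodeSignature ignores catalog signatures and every unmodified, catalog-signed OS file lands in that bucket; confirm those with signtool verify /a or Sysinternals sigcheck before drawing conclusions.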

Similarly, keeping anti-virus signatures current will also prevent most malware infections. Additionally, since we have determined that 64-bit systems are not affected, we are opening Automatic Updates for these platforms. Customers who are interested in additional technical details of what the Windows kernel is can find more information from Microsoft. In conjunction with Microsoft Customer Service and Support (CSS), we monitor forums and track customer calls to ensure we respond to reported issues as quickly as possible.

After reviewing the information we had available, we stopped offering Automatic Update distribution of MS10-015 in order to minimize the potential for widespread customer impact while we investigated these reports. In this situation, our teams needed to get information directly from the affected systems in order to understand the cause. Because we had so few reports and needed to examine the state of the affected systems, the CSS team even drove to customer locations to retrieve machines for analysis.

This past weekend, we worked with the Microsoft Malware Protection Center (MMPC) on the systems that were delivered to Redmond last Friday, and confirmed that all of the affected systems had the Alureon rootkit installed. The Windows Engineering team then began working to build a test matrix to determine if the malware was related to the reports we have been receiving. To ensure we had identified the root cause of the issue, Windows Engineering tested machines using the test process covering all 32-bit versions of Windows.
