New Kernel mode threats

First up we have Atsiv – a signed driver that lets you load unsigned drivers on Vista x64:

Next we have this interesting blog from Symantec about the kernel mode rootkit / spam engine that was dropped on hacked machines, apparently by some of the ‘Italian Job’ hacked sites . . .

What I find interesting is that the media made a big deal about the ‘10,000 hacked web sites’ using IFRAMEs to inject malware into vulnerable PCs . . . they didn’t really talk about *what* that malware was or how it works or how many potentially owned PCs there are as a result of the mass-compromise.
