New Kernel mode threats


First up we have Atsiv – a signed driver that lets you load unsigned drivers on Vista x64:


http://www.symantec.com/enterprise/security_response/weblog/2007/07/driver_signing_on_vista_64bit.html
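The check a defender wants after reading about Atsiv is an inventory of what is actually loaded in the kernel and whether each image carries a signature that verifies. The script below is an added example written for this post, not code from the Symantec write-up or from Atsiv itself; it assumes an elevated PowerShell 3.0 or later session on Windows, and the function name `Get-UnsignedLoadedDriver` is my own. It walks the drivers the service control manager knows about and reports the Authenticode status of each on-disk image.

```powershell
# Added example (not from the original post): enumerate kernel-mode drivers registered
# with the service control manager and flag those whose on-disk image is unsigned or
# whose signature does not verify.
# Assumptions: elevated session, PowerShell 3.0+, Windows. Win32_SystemDriver.PathName
# may carry a \??\ or \SystemRoot\ prefix or be relative to system32; normalized below.

function Get-UnsignedLoadedDriver {
    [CmdletBinding()]
    param(
        # Only report drivers currently running in the kernel (State = 'Running')
        [switch]$RunningOnly
    )

    $drivers = Get-CimInstance -ClassName Win32_SystemDriver
    if ($RunningOnly) {
        $drivers = $drivers | Where-Object { $_.State -eq 'Running' }
    }

    foreach ($d in $drivers) {
        $path = $d.PathName
        if (-not $path) { continue }

        # Normalize the NT-style path forms WMI reports into a Win32 path
        $path = $path -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        $path = $path -replace '^system32\\', "$env:SystemRoot\system32\"

        if (-not (Test-Path -LiteralPath $path)) {
            # Registered but the image is missing on disk: worth a look on its own
            [pscustomobject]@{
                Name   = $d.Name
                Path   = $path
                Status = 'FileNotFound'
                Signer = $null
                State  = $d.State
            }
            continue
        }

        $sig = Get-AuthenticodeSignature -FilePath $path
        [pscustomobject]@{
            Name   = $d.Name
            Path   = $path
            Status = $sig.Status        # Valid, NotSigned, HashMismatch, UnknownError, ...
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            State  = $d.State
        }
    }
}

# Triage view: anything loaded whose status is not 'Valid' deserves attention.
Get-UnsignedLoadedDriver -RunningOnly |
    Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object Status, Name |
    Format-Table -AutoSize
```

Two caveats apply. First, a loader of the Atsiv kind is itself legitimately signed, so it will show as `Valid` here; the unsigned code it maps into the kernel is not registered as a service and may not appear in `Win32_SystemDriver` at all, which is why a clean signature inventory is necessary but not sufficient and should be paired with a memory-level view of loaded modules. Second, many in-box drivers are catalog-signed rather than carrying an embedded signature, and older PowerShell builds can report those as `NotSigned`; treat `Status` as a triage signal and cross-check suspicious entries with `driverquery /si` or Sysinternals `sigcheck` before drawing conclusions.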


Next we have this interesting blog post from Symantec about the kernel mode rootkit / spam engine that was dropped on hacked machines, apparently by some of the ‘Italian Job’ hacked sites . . .


http://www.symantec.com/enterprise/security_response/weblog/2007/06/spam_from_the_kernel_fullkerne.html


What I find interesting is that the media made a big deal about the ‘10,000 hacked web sites’ using IFRAMEs to inject malware into vulnerable PCs . . . they didn’t really talk about *what* that malware was or how it works or how many potentially owned PCs there are as a result of the mass-compromise.

