New Malware Breaks Windows 64-Bit PatchGuard, Inexplicably Targets Mac OS X

Category: General News Softwares | Posted on June 06, 2011


PCs don’t exactly have a reputation for security, but Microsoft’s trying to change that. When smug know-it-alls claim that PCs have more viruses than a public toilet, Microsoft points to the driver signing system on Windows as their way of saying “Nuh-uh!” PatchGuard keeps the baddies from getting high-level privileges on Windows machines. Bad news: ’s reporting that a new program that targets Windows users has figured out a way around the protection.

The malware is part of the popular BlackHole Exploit Kit and infects computers through vulnerabilities in Java and Adobe Reader, two third-party programs that basically everybody has on their computer. Kaspersky reports that once Rootkit.Win64.Necurs.a gets its foot in the door, it starts downloading those annoying fake antivirus programs – you know, the “OMG! Your computer has umpteen million infected files! Click here to buy a fix!” type. The downloader gets around the Windows 64-bit protection by activating a driver test command that keeps PatchGuard from slamming on the brakes.
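A defender's check for the step described above, added here as an example that is not from the original article or from Kaspersky: it assumes the "driver test command" is the Windows test-signing boot option set with `bcdedit`, and scans process-creation command lines for it. The sample records and their field names are constructed for illustration.

```python
import re

# Assumption: the "driver test command" is the test-signing boot option,
# switched on with e.g. "bcdedit.exe -set TESTSIGNING ON".
ENABLE_TEST_SIGNING = re.compile(
    r'bcdedit(?:\.exe)?"?\s+'           # the tool, bare or at the end of a path
    r'(?:\S+\s+)*?'                     # any switches that precede the set verb
    r'[/-]set\s+'                       # bcdedit takes both /set and -set
    r'(?:\{[^}]*\}\s+)?'                # optional boot entry id such as {current}
    r'testsigning\s+(?:on|yes|true|1)\b',
    re.IGNORECASE,
)

def enables_test_signing(command_line: str) -> bool:
    """True if the command line runs bcdedit to turn test signing on."""
    return ENABLE_TEST_SIGNING.search(command_line) is not None

def find_test_signing_changes(events):
    """Return the process-creation records that enable test signing."""
    return [e for e in events if enables_test_signing(e["cmd"])]

# Constructed process-creation records (hypothetical field names), in the
# shape a log pipeline might hand over after parsing process-start events.
SAMPLE_EVENTS = [
    {"host": "WS-01", "parent": "explorer.exe",
     "cmd": r"C:\Windows\System32\notepad.exe testsigning on.txt"},
    {"host": "WS-02", "parent": "downloader.exe",
     "cmd": "bcdedit.exe -set TESTSIGNING ON"},
    {"host": "WS-03", "parent": "cmd.exe",
     "cmd": r'cmd.exe /c "C:\Windows\System32\bcdedit.exe /set {current} testsigning Yes"'},
    {"host": "WS-04", "parent": "powershell.exe",
     "cmd": "bcdedit /set testsigning off"},
    {"host": "WS-05", "parent": "mmc.exe",
     "cmd": "bcdedit /enum {current}"},
]

if __name__ == "__main__":
    for event in find_test_signing_changes(SAMPLE_EVENTS):
        print(f'{event["host"]}: {event["parent"]} -> {event["cmd"]}')
```

The boot option only takes effect after a restart, so an alert on the command line arrives before any test-signed driver can load.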

An interesting tidbit: one of the fake antiviruses the program tries to download is Hoax.OSX.Defma.f, a fake antivirus for Mac. Obviously, it won’t work, being downloaded to a 64-bit Windows computer and all, but it points to a not-quite-so-obscure, post-Mac Defender future for Mac users.
