Hackers "fix" XP BSoD rootkit
Summary: An update released by Microsoft this month (MS10-015) broke XP machines that were infected with the TDL3 rootkit (also known as TDSS and Tidserv and many other names).
Well, a rootkit that causes crashes is bad for business, so the hackers had an update out in the matter of hours.
Last Tuesday Microsoft released a number of Windows updates, some of them critical because they fixed a 17-year-old bug. After some users updated their Windows operating systems, they got a scary and really annoying blue screen of death. Most of those users were angry with Microsoft, but the problem this time is not related to Microsoft. Indeed, a number of the users affected by this BSOD were infected by the TDL3/TDSS rootkit.
More exactly, the TDL3 rootkit looks incompatible with the MS10-015 update. This is the cause of the BSOD. The problem resides in the laziness of the rootkit writers when writing the driver infection routine.
...
The good news is that the TDL3 authors care about us and they released, in a couple of hours, a new updated version of the rootkit compatible with the Microsoft patch.
It's one big cat and mouse game between the good guys and the bad guys.
Talkback
What exactly does this rootkit do?
More info on rootkit
I don't..
how can MS blame them on anyone but themselves? If they're going to wait until something is actively being used to take over systems before fixing it, they need to make sure their fix either removes the crap or at least doesn't bring the whole computer down with it. Is that really too much to ask from a company that grosses billions a year?
Are you really that stupid?
It's NOT their responsibility to fix a problem they didn't cause before patching a bug, it's the user's responsibility to not get infected in the first place. Don't get infected and it won't BSOD with the bug fix.
Are YOU really that clueless?
And while I agree that it isn't automatically Microsoft's responsibility to fix a problem they didn't create, it may be one they did create. Especially if it's the 17 year old bug mentioned that caused this.
It isn't so easy to avoid rootkits as you imply. If you think it is, you need to educate yourself about them before you become another victim (if you aren't already).
Rootkits, by their very nature, are difficult to detect. Sure, this one caused the computers to BSOD, but the whole point of them is to sit in the background and not be noticed. Even with a combination of the best-of-breed security software and good practices, you can still get hit.
So stop looking at it as an either-or situation. There's more than enough blame to go around.
It's very easy.
Yes.....
If by "such as" you mean "as opposed to".
No, I mean such as.
Read 'em and weep.
@Lester Young
And that OSX leaves out parts of ASLR that programs can do themselves without help from the OS, such as moving themselves to another address at startup.
What was your point again?
Read what, and weep?
The fact that Linux wasn't even tested at CanSecWest is your first [b]EPIC FAIL[/b] right there...
Your link http://www.scribd.com/doc/13450744/Dino-Dai-Zovi-Mac-OS-Xploitation looks like a link to a Russian hacker's website. Not a reputable place and I'd prolly run a malware scan after visiting it if I were running Winbloze.
I seriously doubt we're all gonna run out and buy a copy of Vista bloatware at this stage of the game. You're too little, too late, fanbui.
@Wintel_BSOD That's mean!
They helped so much with killing the Nazis.
Why hate on Russians??
Not as clueless as you
It's very easy to avoid rootkits. Don't go to sketchy sites, don't open email attachments you don't know about, avoid pirated software. Use a good AV software, not Norton's or McAfee. Seems simple to me.
Did you read what I wrote before replying to it?
Since Microsoft refused to fix the problem before it was taken advantage of, a bunch of computers got taken over by this rootkit, and Microsoft should have taken this situation into consideration, by.. here it comes.. doing what I said they should have done, in the post you just replied to: "make sure their fix either removes the crap or at least doesn't bring the whole computer down with it"!
Did Microsoft Know about the RootKit?
If Microsoft knew about these root kits when they came out with the patch, then they should have tested the result and designed things so that the patch -- even with the root kits installed -- wouldn't blue-screen your system.
Either that, or they should have issued some sort of caution about a problem that [b]they were aware of[/b]. So that customers wouldn't get blind-sided.
It's easy to say that customers shouldn't get root-kits installed on their machines.
It's just as easy to say that MS should have solved the problem before it was exploited.
In this case, however, people are just saying that they would like to have been informed about a [b]KNOWN PROBLEM[/b]. I don't see that as being unreasonable given that Microsoft would have been the only people with knowledge of the problem at that point of time.
I don't...
In this instance, it is the user's fault for not properly securing their pc.
I don't...
how it is Microsoft's fault for finally giving a patch, after the vulnerability has been used to infect people's computers, that BSODs them! Do you know what a rootkit is? It operates within the kernel itself, meaning it can fully control everything, including AVs. Most rootkits nowadays either disable the most common AVs entirely or at least render themselves invisible to them.
It is Microsoft's responsibility to make sure that their patches do not render their customers' systems inoperable. If that means including something in the patch to remove or at least work around the infection that happened as a result of them taking so long to provide a patch, tough shit. Millions/billions of people are paying these clowns hundreds of dollars each; the least they can do is not hose their systems!
The patch.....
If that was the case..
There would be rootkits unable to get the necessary privileges to install themselves (and thus unable to cause a BSOD) after the patch was applied, and there would be rootkits already embedded in the kernel and thus no longer needing to use an exploit to escalate, and thus unaffected by the patch, and thus they wouldn't suddenly start BSODing.
So that's obviously [i]not[/i] the case. Try again.
Wrong again.