As Bitdefender’s research pointed out, this rootkit-based malware has been in play for six years but only recently targeted the Windows 10 platform, with one key change: It used a digitally signed driver to bypass Windows 10 protections. Researchers found that 90 percent of the samples were running Windows 10. Then in June 2018, the Zacinlo ad fraud operation came to light and made us once again worry about the risk of rootkits. Zacinlo ad fraud makes Windows rootkits relevant again Rootkits went from being highly used to only being seen in under 1 percent of the malware output for many years. This meant that only the most advanced attackers used rootkits as part of their payload. Kernel Patch Protection (KPP) required malware authors to overcome a digital signing requirement.
This caused not only issues with printer drivers, but more importantly caused malware writers to change their attack methods. It required that vendors digitally sign drivers. Then Microsoft made a major change in the operating system with Microsoft Vista in 2006.
Kernel or operating system rootkits for many years were a dangerous threat to computers. Both seek to persist, hide and evade from processes and procedures to eradicate them.
Operating system-based rootkits are scary enough, but firmware rootkits even more so. During that time, it can steal data or resources, or surveil communications. Attackers use rootkits to hide malware on a device in a way that allows it to persist undetected over time, sometimes for years.
0 kommentar(er)
