First, two definitions:
Rootkit: A computer program or series of programs designed to infect a computer and hide itself from view, making it very hard to uncover without special tools. It can also hide the presence of other malicious software in the system.
32-bit vs. 64-bit operating systems: These two terms refer to the width of the data and memory addresses the computer processor handles. The two have distinctly different architectures, and 64-bit operating systems are also known for their enhanced security features.
Now that we have those out of the way, to the point: Up until a few days ago, 64-bit operating systems were thought to be immune to rootkit infections. A famous rootkit, notorious for its advanced techniques and stealth features, has been on the loose for some time now, infecting 32-bit operating systems like there’s no tomorrow. Well, a few days ago it was observed for the first time infecting 64-bit operating systems, shattering the idea that rootkits could not infect such systems. Its name is TDL3, AKA Alureon, AKA TDSS.
So much for 64-bit immunity. A new chapter has begun.
Oof! …your articles are very enlightening and helpful. Thanks.
Can you mention what tools detect this rootkit? Despite the scariness of rootkit threats, I don’t think I’ve ever detected one, though I have scanned many machines. If this one has infected 32-bit OSes a lot, it would be helpful to know a detection method.
Thanks!
Malwarebytes’ Anti-Malware should detect and handle this threat.
I hope they finally adapt ComboFix for 64-bit systems, because all it takes is one rootkit to break the mold, and then the floodgates are open. Hopefully Intel/McAfee will come up with an end-all enhancement.
On a sour note, the security industry has to make money somehow. They can’t make computers completely immune.