Wednesday, February 24, 2010

Microsoft's latest Windows patch accidentally exposes rootkit; malware authors respond by helpfully posting their own patch

A recent Microsoft patch caused panic in the IT world when thousands of machines began 'blue-screening' (that's the geek term for "crashing", "hanging" or "freezing").

Within hours [after users applied the MS10-015 security update, they] flooded Microsoft's support forum, reporting that their computers had been incapacitated with a Blue Screen of Death (BSOD). On Thursday, Microsoft stopped shipping the MS10-015 update, which users had linked to the BSODs, and said it was investigating.

Good news for users, though. The authors of the malicious code have posted their own patch via a helpful and integrated automatic update service.

The rootkit, known by a variety of names -- including TDSS, Tidserv and TDL3 -- was blamed by Microsoft last Friday for causing Windows XP PCs to crash after users applied the MS10-015 security update, one of 13 Microsoft issued a week ago...

...The rootkit's authors have reason to hustle out an update, said Schouwenberg and Fossi, who explained that blue-screened PCs are as worthless to the hackers -- who want access to the machines -- as they are to their owners. Worse, the BSODs have revealed to many Windows users that their systems were infected.

"The rootkit exists to be on the system and evading detection," noted Fossi. "On the plus side for users, this incident has helped people discover that they had this running on their computers."

I couldn't tell from the article, but assume that Fossi was laying down some snark with the "plus side" remark.

ComputerWorld has all the details on remediation.
