How the TDL4 Rootkit Bypasses Driver Signing on Windows 64-bit

Per the Sunbelt Blog:

Microsoft’s Windows operating system, running on a 64-bit machine, provides enhanced security with driver signing of system and low-level drivers. This policy, called the kernel mode code signing policy, disallows any unauthorized or malicious driver to be loaded [1].

The TDL4 rootkit bypasses driver signing policy on 64-bit machines by changing the boot options of Microsoft boot programs that will allow an unsigned driver to load.

Read the rest here

Well, I figured the 64-bit haven would end eventually. I’m sorta shocked it took this long frankly. I’ll be scanning the drivers folder on 32- and 64-bit computers from now on (via UBCD4WIN and Dr. Web).
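Since the quoted post says TDL4 works by altering the boot options rather than by forging a signature, one defensive check that complements scanning the drivers folder is to look at the Boot Configuration Data itself. The script below is an added example, not code from the original post, from Sunbelt, or from Microsoft. It parses the text that `bcdedit /enum all` prints and flags any boot entry carrying a setting that relaxes kernel-mode signature enforcement. The element names it looks for (`testsigning`, `nointegritychecks`, `winpe`, `loadoptions`) are real bcdedit settings, but the post does not say which of them TDL4 changes, so treating all of them as suspicious is this script's own conservative assumption; the sample BCD dump and the GUID in it are constructed for the example.

```python
"""Flag Boot Configuration Data (BCD) settings that weaken kernel-mode code signing.

Added example (not from the original post). Parses `bcdedit /enum all` output and
reports boot entries whose options would let an unsigned kernel driver load.
"""
import re
import subprocess
from typing import Callable, Dict, List, Tuple

# bcdedit element names whose values relax or disable signature enforcement.
# Assumption: any of these on a production boot entry is worth an analyst's look.
RISKY_ELEMENTS: Dict[str, Callable[[str], bool]] = {
    "testsigning": lambda v: v.lower() == "yes",
    "nointegritychecks": lambda v: v.lower() == "yes",
    "winpe": lambda v: v.lower() == "yes",
    "loadoptions": lambda v: "DISABLE_INTEGRITY_CHECKS" in v.upper(),
}


def parse_bcd(text: str) -> List[Dict[str, str]]:
    """Split bcdedit output into one dict per boot entry (entries are blank-line separated)."""
    entries: List[Dict[str, str]] = []
    current: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            if current:
                entries.append(current)
                current = {}
            continue
        # Key/value rows are a single token, two or more spaces, then the value.
        m = re.match(r"^(\S+)\s{2,}(.+)$", line)
        if m:
            current[m.group(1).lower()] = m.group(2).strip()
        elif line.startswith("-"):
            continue  # underline beneath the section header
        else:
            current["_type"] = line.strip()  # e.g. "Windows Boot Loader"
    if current:
        entries.append(current)
    return entries


def find_weakened_entries(entries: List[Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (identifier, element, value) for every risky setting found."""
    findings = []
    for entry in entries:
        ident = entry.get("identifier", "<unknown>")
        for name, is_risky in RISKY_ELEMENTS.items():
            value = entry.get(name)
            if value is not None and is_risky(value):
                findings.append((ident, name, value))
    return findings


def scan_live_system() -> List[Tuple[str, str, str]]:
    """Run bcdedit on the machine under examination (requires an elevated prompt on Windows)."""
    out = subprocess.run(["bcdedit", "/enum", "all"],
                         capture_output=True, text=True, check=True).stdout
    return find_weakened_entries(parse_bcd(out))


# Constructed sample dump: the third entry (fake GUID) carries the kind of
# boot-option changes the post describes; the first two are clean.
SAMPLE_BCD = """\
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
default                 {current}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \\Windows\\system32\\winload.exe
description             Windows 7
osdevice                partition=C:
systemroot              \\Windows
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {12345678-0000-0000-0000-000000000000}
device                  partition=C:
path                    \\Windows\\system32\\winload.exe
description             Windows 7
osdevice                partition=C:
systemroot              \\Windows
nointegritychecks       Yes
loadoptions             DDISABLE_INTEGRITY_CHECKS
"""

if __name__ == "__main__":
    for ident, name, value in find_weakened_entries(parse_bcd(SAMPLE_BCD)):
        print(f"{ident}: {name} = {value}")
```

Run it as-is to see the two findings on the constructed dump; on a Windows host, call `scan_live_system()` from an elevated prompt instead. A clean machine should report nothing, so any hit on a boot entry you did not create yourself is the signal to pull the disk for the offline scan the post mentions.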
