
Five sys identifies new rootkit

    #2397341

    Bitdefender security researchers have identified a new Microsoft-signed rootkit, named FiveSys, that somehow got through the verification process and ended up in the wild. The new requirement ensures that all drivers are validated and signed by the operating system vendor rather than the original developer and, as such, digital signatures offer no indication of the identity of the real developer. FiveSys’ developers somehow managed to trick the validation process.

    The purpose of the rootkit is straightforward: it aims to redirect the internet traffic in the infected machines through a custom proxy, which is drawn from a built-in list of 300 domains. The redirection works for both HTTP and HTTPS; the rootkit installs a custom root certificate for HTTPS redirection to work. In this way, the browser doesn’t warn of the unknown identity of the proxy server.

    https://www.bitdefender.com/blog/hotforsecurity/the-emergence-of-the-fivesys-rootkit-a-malicious-driver-signed-by-microsoft

    (original link posted by Alex – it was messing up the formatting in the forum)

    Susan Bradley Patch Lady

    2 users thanked author for this post.
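    The post describes two host-side artifacts a defender can look for: a root certificate that was added to the machine trust store so the proxy's HTTPS interception is not flagged, and a kernel driver whose signature comes from Microsoft's hardware publisher certificate rather than the real vendor. The PowerShell below is an added audit example (not from this thread or from Bitdefender) that lists both; the baseline path and the signer subject string are assumptions to adjust for your environment.

```powershell
# Added example: audit a Windows host for the two artifacts described in the post.
# Run from an elevated PowerShell prompt. Not the forum's or Bitdefender's code.

# Assumption: a list of root-store thumbprints, one per line, exported from a
# known-good machine. The path is a placeholder.
$BaselinePath = 'C:\baseline\root-thumbprints.txt'
$Baseline = if (Test-Path $BaselinePath) { Get-Content $BaselinePath } else { @() }

# 1. Root certificates present now that are not in the baseline. A freshly
#    installed self-signed root is what a local HTTPS proxy needs to avoid
#    browser warnings, so each new entry deserves a look.
$NewRoots = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $Baseline -notcontains $_.Thumbprint } |
    Select-Object Subject, Issuer, Thumbprint, NotBefore, NotAfter

"== Root certificates not in baseline =="
$NewRoots | Format-Table -AutoSize

# 2. Kernel drivers whose Authenticode signer is Microsoft's hardware
#    publisher. That signer does not identify the real vendor, so the file's
#    own version info and arrival time are the only cheap clues; legitimate
#    WHQL-signed third-party drivers will appear here too, so treat this as a
#    triage list, not a verdict.
# Assumption: this is the subject CN Microsoft uses for drivers signed through
# its hardware program; adjust if your hosts show a variant.
$HardwarePublisher = 'CN=Microsoft Windows Hardware Compatibility Publisher'

$HardwareSigned = Get-ChildItem "$env:SystemRoot\System32\drivers\*.sys" |
    ForEach-Object {
        # Get-AuthenticodeSignature also resolves catalog-signed files, which
        # is how most drivers are signed; embedded signatures are the exception.
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        if ($sig.SignerCertificate -and
            $sig.SignerCertificate.Subject -like "$HardwarePublisher*") {
            [pscustomobject]@{
                File        = $_.Name
                Created     = $_.CreationTime
                Company     = $_.VersionInfo.CompanyName
                Description = $_.VersionInfo.FileDescription
                SigStatus   = $sig.Status
            }
        }
    } | Sort-Object Created -Descending

"== Drivers signed by the hardware compatibility publisher (newest first) =="
$HardwareSigned | Format-Table -AutoSize
```

A driver near the top of the second list whose CompanyName or description does not match any hardware you own is the one to pull for deeper analysis.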
    • #2397344

      Rick then commented:
      “Another serious foul-up.

      Can anyone think of another platform with a worse history?”

      (Apologies, we had to nuke the original posts as the formatting in the original post was causing issues)

      Susan Bradley Patch Lady

    • #2397370

      Five sys identifies new rootkit

      Should the header be: Bitdefender identified Microsoft-signed driver rootkit – FiveSys?

      • #2397374

        Should the header be: Bitdefender identified Microsoft-signed driver rootkit – FiveSys?

        or ‘Malicious rootkit code-signed by Microsoft a year ago’?

        Other questions remaining to be answered:

        How many other pieces of malware have successfully passed Microsoft verification, been code-signed by Microsoft and then released into the wild?

        Where’s the public Microsoft statement by Satya Nadella about the dismal failure of its driver verification process and what Microsoft is going to do about it?

        Let’s face it… this is huge. Microsoft’s left hand justifying Windows 11 hardware requirements in the interests of ‘increased security’ whilst its right hand signs off on a rootkit that’s only caught by a third party a whole *YEAR* after its release.

        6 users thanked author for this post.
    • #2397457

      All this from a company that won a multi-billion dollar contract to store the sensitive data of the Department of Defense.

      Hooooooooooookaaaaaaaayyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy

      "War is the remedy our enemies have chosen. And I say let us give them all they want" ----- William T. Sherman

      1 user thanked author for this post.