New alert for Zloader and subsequent question


    Check Point Research has produced an alert about a piece of malware making the rounds in the last several weeks, and its name is Zloader. Since it leverages a similar bug that was “fixed” several years ago by MS, the release at the link below indicates that this can be remediated by using a couple of registry modifications that date back to 2014 and 2013. However, when I went to check for these registry locations in Windows 10 (21H2), the full locations didn’t exist.

    Reading other articles that have been written based upon the Check Point release, I haven’t found exactly which versions of Windows might be affected by the Zloader bug.

    This makes me wonder: Has this quietly been fixed by MS prior to the release of Windows 10, or is it still prudent to implement the registry modifications laid out in the Check Point advisory at the link below?

    Per MS’s own admission back in 2013/2014, these mods just might break parts of Windows’ functionality from what I recall reading.

    https://research.checkpoint.com/2022/can-you-trust-a-files-digital-signature-new-zloader-campaign-exploits-microsofts-signature-verification-putting-users-at-risk/

    Here’s a link about it from Bleeping Computer written back on January 5th:

    https://www.bleepingcomputer.com/news/security/microsoft-code-sign-check-bypassed-to-drop-zloader-malware/

    • This topic was modified 3 years, 4 months ago by Bob99.