Irregular Expressions

Feb 12 2010   10:56PM GMT

MS10-015 Reboots Solved?

Dan O'Connor

After a lot of discussion on the SANS diary (sans.isc.sans.org), it appears the MS10-015 rebooting machines have been traced back to a rootkit (Tdss); more information about it can be found at http://www.prevx.com/blog/139/Tdss-rootkit-silently-owns-the-net.html . Emergingthreats.net has had signatures since Oct & Jan 09, and according to some of the reports, the major AV vendors are able to detect it as long as it is not running on the infected OS.

Now it's going to be a race between system administrators applying MS10-015 to detect the rootkit and the malware authors updating it so the patch won't cause the system to blue screen and reveal the infection.

The number of reports of users having issues with the blue screen is surprising. Cases like this are excellent reasons to have effective NIDS deployed. Malware like Tdss needs to check in, and when it does, it cannot hide anymore.

The full discussion is available here: http://isc.sans.org/diary.html?storyid=8209#comment
