Trojan Alert: Windows 7 Vulnerable

Tuesday, March 20, 2012 @ 12:03 PM gHale

A new Windows 7 Trojan can elevate the privileges of any restricted process to administrator level, without the user’s permission or knowledge, Symantec researchers said.

The latest fully patched versions of Windows 7 are vulnerable to backdoor.Conpee Trojan, said Mircea Ciubotariu, a security response engineer at Symantec.

Digitally Signed Malware Growing
Cisco Patches Security Appliance Holes
Embedded Systems Still Unprotected
Patched Hole Doesn’t Stop Attackers

The new Trojan targets 32-bit and 64-bit versions of Windows 7, adding to the theory malware authors are redesigning software to bypass security features in 64-bit Windows, Ciubotariu said.

The 64-bit version of Windows 7 and Vista included Kernel Mode Code Signing and Kernel Patch Protection, intended to make them less vulnerable to malware.

But the backdoor.Conpee and Backdoor.Hackersdoor Trojans have been able to infect 64-bit operating systems, Ciubotariu said.

The Hackersdoor Trojan is able to bypass the driver signing system used in 64-bit Windows using stolen certificates.

Symantec first detected this infection in December 2011, and while the number of infections seen in the wild since then have been modest, it appears malware writers have been using it as a test case, Ciubotariu said.

Leave a Reply

You must be logged in to post a comment.