
Microsoft accidentally signed a malware-rigged driver targeting gamers


Responding to what at first looked like a false positive, security researchers came across a malicious driver that had been officially signed by Microsoft.

Karsten Hahn, a malware analyst at security vendor G Data, blogged about Microsoft's faux pas and shared his observations on the driver's malicious behaviour.

Analysis revealed that the driver, named Netfilter, was in fact a rootkit that redirected traffic to command and control (C&C) servers in China.


“Last week our alert system notified us of a possible false positive because we detected a driver named 'Netfilter' that was signed by Microsoft…In this case the detection was a true positive, so we forwarded our findings to Microsoft who promptly added malware signatures to Windows Defender and are now conducting an internal investigation,” wrote Hahn.

Malicious driver

Hahn explains that since the launch of Windows Vista, all code that runs in kernel space must be tested and signed by Microsoft before release. Simply put, a driver that does not carry Microsoft's signature cannot be installed "by default".

According to Hahn's analysis, the Netfilter driver was flagged because it did not appear to provide any "legitimate functionality" and exhibited anomalous behaviour, communicating with C&C IP addresses located in China.

According to Bleeping Computer, Microsoft has confirmed that it accidentally signed the malicious driver, which was being distributed within gaming environments.
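The practical lesson of the Netfilter case is that a valid Microsoft signature on a kernel driver tells you who vouched for the file, not whether it is benign. The PowerShell script below is an added example for defenders; it is not code from the article, from G Data or from Microsoft. It inventories the kernel drivers registered on a Windows host, verifies each image's Authenticode or catalog signature, and separates drivers signed under Microsoft's hardware-compatibility publisher certificate (the route by which third-party submissions such as Netfilter receive a Microsoft signature) from Microsoft's own in-box drivers, while also flagging unsigned images and images living outside the driver directory. The signer name used for that split is the subject of Microsoft's hardware-compatibility signing certificate and is an assumption of this script rather than something the article quotes; the indicator list at the end is an empty placeholder for hashes you supply, not real indicators. It goes beyond the single driver in the story by triaging every driver on the host the same way.

```powershell
# Added example (not from the article, G Data or Microsoft): triage the kernel
# drivers registered on this host by who signed them. Run from an elevated prompt.

# Subject name Microsoft uses when it signs third-party drivers submitted through
# its hardware program. Microsoft's own in-box drivers are signed under a different
# subject ("Microsoft Windows"). Assumed constant, not quoted from the article.
$whcpSigner = 'Microsoft Windows Hardware Compatibility Publisher'
$driverDir  = Join-Path $env:SystemRoot 'System32\drivers'

function Get-DriverSignerReport {
    foreach ($drv in Get-CimInstance -ClassName Win32_SystemDriver) {
        $path = $drv.PathName
        if (-not $path) { continue }

        # Normalise NT-style and relative image paths to Win32 paths
        $path = $path -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
        $path = $path -replace '^System32\\', ($env:SystemRoot + '\System32\')
        if (-not (Test-Path -LiteralPath $path)) { continue }

        # Checks embedded Authenticode signatures and, on PowerShell 5+, catalog signatures
        $sig     = Get-AuthenticodeSignature -LiteralPath $path
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }

        [pscustomobject]@{
            Name             = $drv.Name
            State            = $drv.State
            Path             = $path
            SigStatus        = $sig.Status           # Valid, NotSigned, HashMismatch, ...
            SigType          = $sig.SignatureType    # Authenticode, Catalog or None
            Signer           = $subject
            MicrosoftWhcp    = $subject -like "*CN=$whcpSigner*"
            OutsideDriverDir = -not $path.StartsWith($driverDir, [System.StringComparison]::OrdinalIgnoreCase)
            Sha256           = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }
}

$report = Get-DriverSignerReport

# Triage view: anything that does not verify, anything outside the driver
# directory, and every WHCP-signed driver (third-party code Microsoft vouched for,
# the category Netfilter fell into). Legitimate vendor drivers land here too, so
# treat the list as a starting point for review, not a verdict.
$report |
    Where-Object { $_.SigStatus -ne 'Valid' -or $_.OutsideDriverDir -or $_.MicrosoftWhcp } |
    Sort-Object MicrosoftWhcp, SigStatus |
    Format-Table Name, State, SigStatus, SigType, MicrosoftWhcp, OutsideDriverDir, Path -AutoSize

# Cross-check file hashes against indicators you trust (for example the ones G Data
# published for Netfilter). The array is an empty placeholder, not real indicators.
$knownBadSha256 = @()
$report |
    Where-Object { $knownBadSha256 -contains $_.Sha256 } |
    Format-List Name, Path, Signer, Sha256
```

Two caveats apply when reading the output. A WHCP-signed driver is not suspicious in itself; most vendor drivers on a modern Windows 10 system are signed that way, so the column narrows the review to files Microsoft signed on someone else's behalf rather than identifying malware. And a driver that is registered but not currently loaded still matters, which is why the report keeps the service state alongside the signature result instead of listing only running drivers.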

Software supply chain threat

Hahn states that Microsoft is actively investigating how the driver managed to pass the signing process.

Bleeping Computer adds that the software giant has not found evidence that the driver was signed with stolen code-signing certificates. This suggests that the malicious actor obtained Microsoft's seal of approval through the normal driver-submission process.

That is an even more worrying prospect, as it points to weaknesses in Microsoft's driver-signing process that could be exploited to poison the software supply chain, with potential ramifications for businesses of all sizes.

Date

28 Jun 2021
