Avoiding Conflict

Some of you may be aware that a number of users have recently encountered problems with one of Microsoft's security updates. Some users' systems would crash with a "Blue Screen Of Death" (BSOD) after installing Microsoft's latest batch of security updates.

The problem has been narrowed down to the MS10-015 update. It seems that systems infected with a rootkit known as TDSS, Tidserv or TDL3 (amongst other names) would crash once the MS10-015 security update was installed.

The interesting point here is that, as a result of this problem, the rootkit authors have created and distributed their own patch for the rootkit software to remove the conflict and stop the BSOD crashes. That was nice of them, wasn't it?

Back in the early days, many viruses and worms had harmful or destructive payloads. When an infected system's virus payload was triggered, the virus would delete or scramble data files, or damage system files. The payload was all about causing headlines and havoc. The virus authors could then brag to their mates about how they were the ones who caused it.

These days, malware is all about stealing information that can be turned into stolen money. The bad guys want their malware running quietly in the background without you noticing it, so that they can do whatever they want with your system. If many of the systems running their malware suddenly suffer a fatal crash, and it becomes known that the presence of their malware is the culprit, the jig is up. They've been busted. So it's not really surprising that they have updated their own malware to avoid the conflict and stop the blue screens of death.

We now have not only software vendors issuing patches to avoid system crashes, but also the bad guys doing exactly the same thing.

So for the bad guys it used to be all about creating havoc and gaining notoriety. It's now all about systems running perfectly and the anonymity of the malware authors being maintained. It's all about business continuity...

Craig Johnston
Senior Cybercrime Research Analyst

Author ESET Research, ESET

  • IT Ninja

    btw, the National Security Agency was recently hacked. Yes, hacked! But it was downplayed to the media for obvious shameful reasons. Here's the link:

    http://pinoysecurity.blogspot.com/2010/02/wwwnsagov-hacked.html

  • Matt

    Is ESET making any updates to protect users from this threat? Can Nod or new updates pick up on this threat?

    • Randy Abrams

      ESET is continuously updating both signatures and heuristics to detect and block known and unknown threats.

18 Feb 2010