Threat of the monthWhat is it?
In July, the new Stuxnet malware was found to use legitimately signed files in the targeted attack of SCADA control systems. Although the signature was reportedly expired, it is clear evidence that a digital signature can be “compromised” if enough resources are applied.Following that, in August, a new variant of Alureon, a popular rootkit, was found to evade driver signing and kernel patch protection built into Windows 64-bit operating systems. This event demonstrates how the security controls can be bypassed by infecting the master boot record and executing the malicious code before the operating system's security controls can establish themselves.
How can I prevent it?
Those behind these malwares have the means and motivation to succeed. As a global IT community, we must be aware of these advanced threats targeting our environments. Further, we must find
ways to employ additional layers of control to limit the opportunity for
— Don DeBolt, director of threat research, CA Technologies