Rootkit to blame for Windows Blue Screen of Death
Thursday, February 18, 2010 8:20
Microsoft late on Wednesday confirmed that a rootkit caused Windows PCs to crash after users applied a security patch issued last week.
Only systems infected with the Alureon rootkit were incapacitated with Blue Screen of Death (BSOD) errors that prevented booting, said Mike Reavey, the director of the Microsoft Security Response Center (MSRC), in an announcement on the center’s blog. “Our investigation has concluded that the reboot occurs because the system is infected with malware,” said Reavey.
He added that the MS10-015 update was not at fault. “We have not found quality issues with security update MS10-015,” Reavey maintained.
Microsoft’s conclusion that malware was to blame was not unexpected. Last week, the rootkit — also called TDSS, Tidserv and TDL3 — had been named by security researchers as the likely culprit.
Within hours of the Jan. 9 release of MS10-015 and 12 other security updates, users reported that their computers wouldn’t restart. Two days later, Microsoft halted automatic distribution of MS10-015 and launched an investigation, which revealed that malware might be the cause.
Yesterday, Reavey echoed independent researchers who earlier had blamed an address conflict between MS10-015 and the rootkit for the debacle. “Malware writers modified Windows behavior by attempting to access a specific memory location, instead of letting the operating system determine the address,” explained Reavey. “MS10-015 was downloaded and installed, during which the location of Windows code changed. On the next reboot the malware code crashed attempting to call a specific address in Windows code which was no longer the intended OS function.”
MS10-015 patched a 17-year-old bug in the kernel of all 32-bit versions of Windows.
Reavey acknowledged that Microsoft’s patch quality control did not catch the conflict because it’s difficult to create malware interaction tests. “These types of infections often leave the machine in such an unstable state that it cannot be reliably tested,” said Reavey. He also confirmed that all 32-bit versions of Windows were susceptible to Alureon-caused crashes, including Windows 7, even though the bulk of complaints came from users running Windows XP.
That shouldn’t be a surprise: XP is the dominant operating system worldwide.