Microsoft Confirms Update-Linked BSODs Required Compromised Machines 199
Trailrunner7 writes "Microsoft on Thursday confirmed that the blue screen of death issues that affected a slew of users after the latest batch of Patch Tuesday updates is the result of an existing infection by the Alureon rootkit. There was widespread speculation after the patch release that simply installing the MS10-015 update was causing the BSOD condition on some Windows 32-bit machines. However, Microsoft said at the time this was not the case and started an investigation into the problem. In an advisory released Thursday, the company said that it now was confident that the restart problem is being caused by the Alureon rootkit." That seems a harsh way to find out that your Windows machine has been rooted.
Broaden their test base (Score:3, Funny)
Huh? I thought Netcraft confirmed it was dead? (Score:2, Funny)
Huh? I thought Netcraft confirmed that BSD was dead. Oh waaaiiiitttt... BSOD
Ok nevermind
Re:But better than not finding out at all. (Score:5, Funny)
The rootkitted library was not a part of the update, just one of the libraries it was using. You should demand that your rootkit vendor stick to published APIs to avoid this in the future.
Re:Broaden their test base (Score:1, Funny)
Trivially done.
IF OS_VERSION = "Windows XP/Vista/7" then MALWARE_FOUND = TRUE.
Well at least the Norfolk town IT can rest easy (Score:2, Funny)
Sounds like we found the explanation for the Norfolk issue:
http://news.slashdot.org/story/10/02/17/196230/Time-Bomb-May-Have-Destroyed-800-Norfolk-City-PCs-Data [slashdot.org]
Be Gentle (Score:5, Funny)
That seems a harsh way to find out that your Windows machine has been rooted.
What do you want? Some cuddling before breaking the bad news?
"Sweety.. you got rooted" .. as it goes in the _wrong_ hole.
Re:No Worries (Score:5, Funny)
Malicious Software Removal Tool (Score:5, Funny)
So is Microsoft rushing out an update to their Malicious Software Removal Tool to clean up this rootkit?
Re:Don't worry (Score:3, Funny)
Re:Broaden their test base (Score:4, Funny)
Just have patches issued by McAfee and Symantec... that will fix the problem, for certain.
The un-harsh way (Score:3, Funny)
[A Microsoft representative comes to a System Admin's place of work for a little meeting.]
MR: Thanks for making time to meet with me.
SA: No problem. So what's this all about?
MR: I don't know how to say this, but it seems that you... well you aren't entirely in control of your systems.
SA: You mean you're selling a new management tool?
MR: No, no nothing like that. It's just that there are certain things... Well let's say there are things about your system that you don't know that you really ought to be aware of.
SA: Oh, I see. You mean like undocumented registry settings, or DLLS or stuff like that.
MR: Well, sure. Technically you *could* describe it that way. It's only....
SA: Only what? How would *you* describe it.
MR: *sigh*. OK. Some Chinese hacker working for the Russian mob has been using you as his bitch.
Zero-day (Score:5, Funny)
This was a zero-day exploit that the virus writers didn't know anything about.
They got the patch out as quickly as they could.
Re:But better than not finding out at all. (Score:3, Funny)
The rootkitted library was not a part of the update, just one of the libraries it was using. You should demand that your rootkit vendor stick to published APIs to avoid this in the future.
An OS update shouldn't break third party applications such as rootkits. Many people's livelihoods depend on these rootkits. Did you guys at MS even consider how difficult it is to retroactively patch infected torrents once they're out on the net?
Re:But the fix will break Alureon! (Score:2, Funny)
Re:Be Gentle (Score:3, Funny)
Wait, there is a _wrong_ hole???
Re:But better than not finding out at all. (Score:4, Funny)
Now, I wonder who the first poster is going to be to demand Microsoft test their patches for compatibility with viruses and malware?
To be fair, Microsoft is year ahead of Linux in this area. Linux isn't compatible with almost every kinds of virus/malware. Wine is helping by providing the APIs needed for some malware, but Linux (iptables in particular) still interferes with the proper operation of some of these programs. Like it or not, if you want to run these malware programs reliably, you should stay away from Linux. At least Microsoft lets you run *most* of these viruses after an update.
Re:Zero-day (Score:3, Funny)
See? Many eyeballs do make bugs shallow!
Re:But better than not finding out at all. (Score:5, Funny)
Dear Microsoft:
Please continue to turn off user's computers which are compromised. If at all possible, please display a message directing anyone in my zip code that I'm available to fix it for them at competitive prices. I really need the work.
Re:Be Gentle (Score:3, Funny)
Re:But better than not finding out at all. (Score:2, Funny)
Oh snap! Your computer crashed because it had malware! Harsh man, that was real harsh. Couldn't the rootkit like, call you up and say "hey man, I'm in ur system, mining ur dataz", rather than just crash? That would be a lot more convenient, and significantly less harsh. I mean, what are they going to do next -- make the computer insult you, too?