Posted on 6/30/2021, 4:01:51 PM by ransomnote
Posted on 6/30/2021, 8:20:33 AM by ProgressingAmerica
Ever since the introduction of Windows Vista in early 2007, Microsoft has enforced the rule that Windows drivers must carry digital signatures by default. Any software that runs in kernel mode, in fact, has to be signed by the company. This is a security measure that should prevent malicious software from digging its claws in too deep. However, what happens when Microsoft gives its blessing to a rootkit?
That's what happened a few months ago and was just now discovered thanks to G DATA Software security analyst Karsten Hahn. Initially, the company received a false-positive alert from a driver that was signed by Microsoft. After a lot of investigation into the matter, it turns out that the positive was valid. A driver signed by Microsoft was redirecting traffic bound for hundreds of IP addresses to a server in China.
I’ve sent that video link to a couple of vaccine/lockdown activists here in Canada so it’s about to get some play I think. Thank you both.