I just read about this attack. It uses Siemens software to install a root kit. The vulnerability starts with a static password that Siemens inserted. (I once worked in a bank where I am told MSBlaster got in via a Siemens phone engineer using the modem in their systems servers to dial out to the net.) The root kit then uses a stolen private certification key to pretend to be a RealTek driver so that it can install on 64-bit OSes (Vista and later). MS and RealTek have figured out a solution (requires your Windows Updates to be working). Interesting stuff.
Attack on Windows via Siemens Software
I think we’ll be finding more and more instances of this. Manufacturers think they are immune from worms / viruses because their software is used in specialist applications and is relatively obscure. Because of this mentality, they use lazy coding, often requiring the user to be an admin on the system to run it. Hopefully it will be the wake-up call needed, but somehow I fear it won’t be!
Those vendors won’t care until the business (their customer) cares. Anyone who has worked in a large environment can probably think of a few applications with holes like this. I’ve certainly seen them, raised my objections, and been ignored.