Brand New 64-bit rootkit!
New 64-bit rootkit being used to steal banking credentials.

Security researchers have come across a new rootkit designed specifically to infect 64-bit Windows systems and steal users’ online banking credentials. It is believed to be the first piece of malware of its kind that is capable of compromising x64 systems.
Attackers in Brazil are delivering the new rootkit through drive-by download attacks and then using it to steal banking credentials once a machine is infected. The malware can change some of the boot configuration of infected machines and then aims to redirect users to phishing sites. The new rootkit can infect machines running either 32-bit or 64-bit versions of Windows.

The drive-by download is accomplished with a malicious Java applet targeted at older versions of the Java Runtime Environment. The applet includes a number of files, each with a different job to do once it is on an infected PC, including one that disables the Windows User Account Control mechanism.