Window’s Safe Mode Feature Ascertained Unsafe
McAfee's Avert Labs has warned the users that Windows' Safe Mode might be assumed helpful in fixing the malware infections, but it is not true in all cases. The malware may adjust itself to get installed even in Safe Mode.
For long, Windows has included a special mode called Safe Mode that can be loaded by user at boot. The inspiring factor behind this is to prevent the unwanted software and services in the Safe Mode and thus, it can be useful in detecting system problems. Further, Safe Mode is meant for recovering from any sort of damage caused to the system by malfunctions. While booting in Safe Mode, only limited services and drivers required for the basic system operations are loaded, avoiding the addition of non-essential ones that create complications.
Thus, as a whole, Safe Mode helps the system to recover from infections caused by malware. But malware can load in Safe Mode, thereby exploiting the feature and thus, causing great difficulties for administrators as well as users to recover from such infections. According to McAfee, malware can ably set itself with the help of some keys to get loaded during booting, even in a safe mode.
In the first week of March 2009, a similar Trojan dubbed Tigger.A was identified that installs a rootkit on the infected system and can load even in the Safe Mode. The rootkit renders kernel debuggers inactive; hooks NTFS (NT File System) and FAT (File Allocation Table) file system drivers; and stops other processes from accessing memory of kernel driver.
In addition to this, Tigger.A allows attackers to obtain access to the administrator privileges on Windows, whether the user is himself having those privileges or not. It exploits the MS08-066 vulnerability in the "privilege escalation" feature of Windows, which was discovered and fixed by Microsoft in October 2008. According to researchers, Tigger.A also tracks keystrokes, gathers system information and allows a backdoor entry to the compromised systems.
Finally the company has recommended to perform "safe surfing" always that is the very first step to keep computers clean as well as to keep the anti-virus updated.
Related article: Wendy’s Name Used to Steal Private Detail From Users
» SPAMfighter News - 3/21/2009
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!