Microsoft signed a malicious driver

Operating system makers use code signing to help you stay away from malware, but Microsoft may have inadvertently broken the trust the signing is meant to create.

Reports show that Microsoft has confirmed it signed Netfilter, a third-party malicious driver for Windows that has been circulating in the gaming community.

Netfilter passed through the Windows Hardware Compatibility Program (WHCP), and once loaded it was connecting to command and control servers at Chinese IP addresses, security researcher Karsten Hahn found.

Since Windows Vista, any code that runs in kernel mode must be tested and signed before public release to ensure the operating system stays stable, Hahn said. By default, a driver without a Microsoft signature cannot be installed.

It is not clear how the driver made it through Microsoft's certificate signing process.
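The case shows that a Microsoft signature on a kernel driver proves attestation, not safety. As an added example (not code from the article or from the researcher), the PowerShell audit below lists running kernel drivers with their signature status and signer, and separates WHCP-attested third-party drivers for closer review; the publisher subject string it matches on is an assumption for this example.

```powershell
# Added example: inventory running kernel drivers and report who signed each one.
# A valid signature is necessary for a driver to load on a default install, but
# the Netfilter case shows it is not sufficient, so WHCP-attested third-party
# drivers are listed separately instead of being trusted on signature alone.

# Assumption: subject string Microsoft uses when attesting third-party drivers
# through WHCP. Adjust if your environment shows a different subject.
$WhcpSubject = 'Microsoft Windows Hardware Compatibility Publisher'

function Get-DriverSignerReport {
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName } |
        ForEach-Object {
            # PathName may use \??\ or \SystemRoot prefixes and quotes; normalise it
            $path = $_.PathName -replace '"', ''
            $path = $path -replace '^\\\?\?\\', ''
            $path = $path -replace '^\\SystemRoot', $env:SystemRoot
            if (-not (Test-Path -LiteralPath $path)) { return }

            # Embedded and catalog signatures are both checked; SignatureType tells which
            $sig = Get-AuthenticodeSignature -LiteralPath $path
            [pscustomobject]@{
                Driver       = $_.Name
                Path         = $path
                Status       = $sig.Status          # Valid, NotSigned, HashMismatch, ...
                SigType      = $sig.SignatureType
                Signer       = $sig.SignerCertificate.Subject
                Thumbprint   = $sig.SignerCertificate.Thumbprint
                WhcpAttested = ($sig.SignerCertificate.Subject -like "*$WhcpSubject*")
            }
        }
}

$report = Get-DriverSignerReport

# Drivers that are not validly signed should not load on a default install; list them first
$report | Where-Object { $_.Status -ne 'Valid' } |
    Format-Table Driver, Status, Path -AutoSize

# WHCP-attested drivers carry Microsoft's signature but were written by a third party;
# compare these against your asset inventory rather than trusting the signature alone
$report | Where-Object WhcpAttested |
    Format-Table Driver, SigType, Signer, Thumbprint -AutoSize
```

Run it in an elevated PowerShell session so every driver image path is readable.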

