Microsoft has acknowledged signing drivers containing a rootkit associated with the Chinese military

Since the Windows Vista era, Microsoft has required drivers to be digitally signed to prevent malware from being smuggled into software that has access to the kernel. Now, however, drivers that actually contained a rootkit sending data to a server in China have also received a digital signature. According to the United States Department of Defense, this is a server belonging to Ningbo Zhuo Zhi Innovation Network Technology, which is associated with the Chinese military.

This was revealed by security analyst Karsten Hahn of G DATA Software. The company had earlier obtained a detection result for a driver signed by Microsoft, which was first evaluated as a false positive but then turned out to be a true positive.

It appears that the rootkit was designed simply to collect potentially sensitive information and is still active, as is the server, which returns lists of URLs for various purposes. At one of these addresses there is a list of IP addresses for possible redirection, including destinations.

Microsoft is currently using its Windows Defender to search for PCs infected with this rootkit, and reports that it is now investigating how an infected driver called Netfilter could pass the Windows Hardware Compatibility Program (WHCP) certification process. Netfilter is said to have a single purpose: to falsify information about a player’s position so that he or she is not affected by restrictions based on geographical location.

This information about the purpose of Netfilter fits into the overall picture, especially since we learn from Microsoft that this software is most widespread in PC gaming rooms in China. It seems that Chinese citizens themselves and their “defective” actions were what was being sought.

Microsoft has also stated that the drivers were created by a third party and submitted for WHCP certification, that the relevant account has already been blocked, and that other drivers previously registered under it have now been examined in detail.

Source: Svět hardware by www.svethardware.cz.
