Slashdot Mirror


Microsoft Confirms Update-Linked BSODs Required Compromised Machines

Trailrunner7 writes "Microsoft on Thursday confirmed that the blue screen of death issues that affected a slew of users after the latest batch of Patch Tuesday updates are the result of an existing infection by the Alureon rootkit. There was widespread speculation after the patch release that simply installing the MS10-015 update was causing the BSOD condition on some Windows 32-bit machines. However, Microsoft said at the time this was not the case and started an investigation into the problem. In an advisory released Thursday, the company said that it now was confident that the restart problem is being caused by the Alureon rootkit." That seems a harsh way to find out that your Windows machine has been rooted.

20 of 199 comments

  1. Broaden their test base by Itninja · · Score: 2, Funny

    Microsoft needs to start testing against all known (and future) viruses and other malware. It just makes sense.

    --
    I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
    1. Re:Broaden their test base by timholman · · Score: 1, Funny

      Microsoft needs to start testing against all known (and future) viruses and other malware. It just makes sense.

      Trivially done.

      IF OS_VERSION = "Windows XP/Vista/7" then MALWARE_FOUND = TRUE.

    2. Re:Broaden their test base by zappepcs · · Score: 3, Funny

      Just have patches issued by McAfee and Symantec... that will fix the problem, for certain.

  2. Huh? I thought Netcraft confirmed it was dead? by Anonymous Coward · · Score: 2, Funny

    Huh? I thought Netcraft confirmed that BSD was dead. Oh waaaiiiitttt... BSOD
    Ok nevermind

  3. Re:But better than not finding out at all. by Anonymous Coward · · Score: 5, Funny

    The rootkitted library was not a part of the update, just one of the libraries it was using. You should demand that your rootkit vendor stick to published APIs to avoid this in the future.

  4. Well at least the Norfolk town IT can rest easy by Parallax48 · · Score: 2, Funny
  5. Be Gentle by e2d2 · · Score: 4, Funny

    That seems a harsh way to find out that your Windows machine has been rooted.

    What do you want? Some cuddling before breaking the bad news?

    "Sweety.. you got rooted" .. as it goes in the _wrong_ hole.

    1. Re:Be Gentle by Anonymous Coward · · Score: 3, Funny

      Wait, there is a _wrong_ hole???

    2. Re:Be Gentle by Maestro485 · · Score: 2, Funny

      I'm a rootkit, and Windows 7 was my idea!

  6. Re:No Worries by snowraver1 · · Score: 4, Funny

    Prompt, efficient and convenient! Where can I buy this Root Kit?

    --
    Copyright 2010. All rights reserved. This comment may not be copied in any way including, but not limited to caching.
  7. Malicious Software Removal Tool by HTH+NE1 · · Score: 5, Funny

    So is Microsoft rushing out an update to their Malicious Software Removal Tool to clean up this rootkit?

    --
    Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
  8. Re:Don't worry by Megahard · · Score: 3, Funny

    If people would keep their machines updated with the latest rootkit and virus patches then this wouldn't happen.

    --
    I eat only the real part of complex carbohydrates.
  9. The un-harsh way by hey! · · Score: 2, Funny

    [A Microsoft representative comes to a System Admin's place of work for a little meeting.]

    MR: Thanks for making time to meet with me.

    SA: No problem. So what's this all about?

    MR: I don't know how to say this, but it seems that you... well you aren't entirely in control of your systems.

    SA: You mean you're selling a new management tool?

    MR: No, no nothing like that. It's just that there are certain things... Well let's say there are things about your system that you don't know that you really ought to be aware of.

    SA: Oh, I see. You mean like undocumented registry settings, or DLLs or stuff like that.

    MR: Well, sure. Technically you *could* describe it that way. It's only....

    SA: Only what? How would *you* describe it?

    MR: *sigh*. OK. Some Chinese hacker working for the Russian mob has been using you as his bitch.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  10. Zero-day by Anonymous Coward · · Score: 5, Funny

    This was a zero-day exploit that the virus writers didn't know anything about.

    They got the patch out as quickly as they could.

    1. Re:Zero-day by shutdown+-p+now · · Score: 2, Funny

      See? Many eyeballs do make bugs shallow!

  11. Re:But better than not finding out at all. by rve · · Score: 2, Funny

    The rootkitted library was not a part of the update, just one of the libraries it was using. You should demand that your rootkit vendor stick to published APIs to avoid this in the future.

    An OS update shouldn't break third party applications such as rootkits. Many people's livelihoods depend on these rootkits. Did you guys at MS even consider how difficult it is to retroactively patch infected torrents once they're out on the net?

  12. Re:But the fix will break Alureon! by Pyrus.mg · · Score: 2, Funny

    As mentioned above if you are an Alureon user an update has already been surreptitiously deployed to your pc and you can safely let Microsoft secure your system without losing any Alureon functionality.

  13. Re:But better than not finding out at all. by Pharmboy · · Score: 3, Funny

    Now, I wonder who the first poster is going to be to demand Microsoft test their patches for compatibility with viruses and malware?

    To be fair, Microsoft is years ahead of Linux in this area. Linux isn't compatible with almost every kind of virus/malware. Wine is helping by providing the APIs needed for some malware, but Linux (iptables in particular) still interferes with the proper operation of some of these programs. Like it or not, if you want to run these malware programs reliably, you should stay away from Linux. At least Microsoft lets you run *most* of these viruses after an update.

    --
    Tequila: It's not just for breakfast anymore!
  14. Re:But better than not finding out at all. by poena.dare · · Score: 4, Funny

    Dear Microsoft:

    Please continue to turn off users' computers which are compromised. If at all possible, please display a message directing anyone in my zip code that I'm available to fix it for them at competitive prices. I really need the work.

  15. Re:But better than not finding out at all. by Garridan · · Score: 2, Funny

    Oh snap! Your computer crashed because it had malware! Harsh man, that was real harsh. Couldn't the rootkit like, call you up and say "hey man, I'm in ur system, mining ur dataz", rather than just crash? That would be a lot more convenient, and significantly less harsh. I mean, what are they going to do next -- make the computer insult you, too?