
Microsoft has now confirmed signing a malicious driver being distributed within gaming environments. The driver, called "Netfilter," is in fact a rootkit that was observed communicating with Chinese command-and-control (C2) IPs. G Data malware analyst Karsten Hahn first took notice of this event last week and was joined by the wider infosec community in tracing and analyzing the malicious drivers bearing the seal of Microsoft. The incident has once again exposed threats to software supply-chain security, except this time it stemmed from a weakness in Microsoft's code-signing process.

Last week, G Data's cybersecurity alert systems flagged what appeared to be a false positive but was not: a Microsoft-signed driver called "Netfilter." The driver was seen communicating with China-based C&C IPs while providing no legitimate functionality, and as such raised suspicions. Hahn shared this publicly and simultaneously contacted Microsoft:

"Since Windows Vista, any code that runs in kernel mode is required to be tested and signed before public release to ensure stability for the operating system."

"Drivers without a Microsoft certificate cannot be installed by default," states Hahn.

At the time, BleepingComputer began observing the behavior of the C2 URLs and also contacted Microsoft for a statement. The first C2 URL returns a set of more routes (URLs) separated by the pipe ("|") symbol:

The G Data researcher spent some time analyzing the driver and concluded it to be malware. He has documented the driver, its self-update functionality, and Indicators of Compromise (IOCs) in a detailed blog post.

"The server then responds with the URL for the latest sample, e.g. hxxp://110.42.4.180:2081/d6, or with 'OK' if the sample is up-to-date. The malware replaces its own file accordingly," the researcher further explained.

During the course of his analysis, Hahn was joined by other malware researchers including Johann Aydinbas, Takahiro Haruyama, and Florian Roth. Roth gathered the list of samples in a spreadsheet and has provided YARA rules for detecting these in your network environments. Notably, the C2 IP 110.42.4.180 that the malicious Netfilter driver connects to belonged to Ningbo Zhuo Zhi Innovation Network Technology Co., Ltd, according to WHOIS records:

Microsoft is actively investigating this incident, although thus far there is no evidence that stolen code-signing certificates were used. The mishap seems to have resulted from the threat actor following Microsoft's process to submit the malicious Netfilter drivers and acquiring the Microsoft-signed binary in a legitimate manner:

"Microsoft is investigating a malicious actor distributing malicious drivers within gaming environments."

"The actor submitted drivers for certification through the Windows Hardware Compatibility Program. The drivers were built by a third party."

"We have suspended the account and reviewed their submissions for additional signs of malware," Microsoft said yesterday.

According to Microsoft, the threat actor has mainly targeted the gaming sector, specifically in China, with these malicious drivers, and there is no indication of enterprise environments having been affected so far. Microsoft has refrained from attributing this incident to nation-state actors just yet. Falsely signed binaries can be abused by sophisticated threat actors to facilitate large-scale software supply-chain attacks. We have more detailed information and images posted on OUR FORUM.
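Because the signature on this driver is genuine, the indicators that actually distinguish it are the network ones quoted above. The script below is an added, defender-side illustration (not code from the article, G Data or Microsoft): it matches constructed firewall log lines against the C2 IP named in the article and parses a pipe-separated route list of the kind the first C2 URL returned. The log layout and the route-list body are assumptions; only the IP, port and the /d6 path come from the article.

```python
import re

# Indicator taken from the article: the C2 IP the signed Netfilter driver contacted.
C2_HOSTS = {"110.42.4.180"}

# Constructed firewall log (not real traffic); the key=value layout is an assumption.
SAMPLE_LOG = """\
2021-06-25T10:01:02Z src=10.0.0.15 dst=142.250.74.78 dport=443 proto=tcp
2021-06-25T10:01:05Z src=10.0.0.15 dst=110.42.4.180 dport=2081 proto=tcp
2021-06-25T10:02:11Z src=10.0.0.22 dst=110.42.4.180 dport=2080 proto=tcp
2021-06-25T10:03:40Z src=10.0.0.31 dst=13.107.4.52 dport=80 proto=tcp
"""

# Constructed stand-in for the route list the first C2 URL returned (pipe-separated URLs).
SAMPLE_ROUTES = "http://110.42.4.180:2081/p | http://110.42.4.180:2081/u||http://110.42.4.180:2081/d6"

LOG_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def flag_c2_connections(log_text, c2_hosts=C2_HOSTS):
    """Return (timestamp, src, dst, dport) for every line whose destination is a known C2 host."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and m.group("dst") in c2_hosts:
            hits.append((m.group("ts"), m.group("src"), m.group("dst"), int(m.group("dport"))))
    return hits


def parse_route_list(body):
    """Split a pipe-separated route list into defanged URLs, dropping blanks and whitespace."""
    routes = []
    for item in body.split("|"):
        item = item.strip()
        if item:
            # hxxp:// keeps the indicator from becoming a clickable link in reports and tickets.
            routes.append(re.sub(r"^http(s?)://", r"hxxp\1://", item, flags=re.IGNORECASE))
    return routes


def hosts_from_routes(routes):
    """Extract host (and port, if any) from defanged URLs so they can seed a blocklist."""
    hosts = set()
    for r in routes:
        m = re.match(r"^hxxps?://([^/\s]+)", r)
        if m:
            hosts.add(m.group(1))
    return hosts
```

Running `flag_c2_connections(SAMPLE_LOG)` flags both connections to the C2 IP regardless of port, and `hosts_from_routes(parse_route_list(SAMPLE_ROUTES))` yields the host:port pairs to feed into a blocklist.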

Windows 7 and 8 users might just be able to upgrade for free to Microsoft’s revamped Windows 11 – the rumored next step for Windows 10 – when it emerges later this year. That’s the theory according to Windows Latest, which has been digging around in the leaked build of Windows 11 which recently surfaced, and found references to these older Windows operating systems in the product key configuration reader. The material uncovered there suggests there will be an upgrade path for both Windows 7 and Windows 8/8.1 to make the leap to Windows 11 for free. This kind of makes sense, because as you’re doubtless aware, it’s still possible for those on Windows 7 or 8 to upgrade to Windows 10, even though the official free upgrade was only supposed to last for the first year of the latter’s existence. That free upgrade never went away in fact – we discuss how you can avail yourself of it right here – and as Windows 11 is still fundamentally Windows 10, just with a lot of interface changes and a big facelift (from what we can see in the leaked build), it’s not surprising that the scheme of things might remain in place when it comes to upgrades. Then again, arguably the launch of the revamped OS, which is a visible step on from Windows 10, would make the perfect moment for Microsoft to finally kill off free upgrades for those on older Windows versions – just because it’s drawing a clear line in the sand. Also, we should remember that we’re going off what’s just a leaked preview of Windows 11, and the finished product may differ, with these configuration bits and pieces potentially being tidied away closer to release. As always in these situations, we’ll just have to wait and see, but given that Microsoft has held the door open – or perhaps that should be the window open – for older versions for some six years now, it’d be no surprise to see the software giant continue to do so.
Five years is a long time to let upgrade loopholes slide, after all, and it’d seem that Microsoft perhaps made a decision that it’s more important to get user numbers and drive adoption of Windows than it is to make money off selling licenses to upgrading punters. And of course it’s not like sales aren’t still coming in from new PCs with Windows on board. If the free upgrade theory does turn out to be true for Windows 11 when it purportedly hits later this year, another question is whether Microsoft might make this an ‘official’ offer again – presumably with a time-limit, and perhaps a final one this time – or will it just continue to be an unofficial upgrade path, as with Windows 10 right now? Another point to bear in mind here is that Microsoft will obviously want Windows 11 to be seen to have a successful launch, and to be a popular move, so driving up adoption numbers with the freebie upgrade might help in framing that perception. Indeed, this could be another argument for a fanfare – and big push – around an official upgrade offer being implemented once again, however unlikely that may seem on the face of it.

Via techradar

Germany on Monday opened an investigation against Apple over anti-competition practices, making the iPhone maker the fourth US tech giant to be hit by such probes. The antitrust authority had in recent weeks opened similar investigations against Amazon, Google, and Facebook under a new law that took effect in January giving regulators more powers to rein in big tech companies. The watchdog said it has initiated the first stage of the probe to determine if Apple has "cross-market significance". "An ecosystem extending across different markets can be one indication of such a position held by a company," said the authority. "Such positions of power can make it very hard for other companies to counter it." Andreas Mundt, who heads the Federal Cartel Office, said his service will look at whether Apple has established such a digital ecosystem across several markets around the iPhone with its proprietary operating system iOS. "A key focus of the investigation will be the operation of the App Store because in many cases, it empowers Apple to have an influence on the business activities of third parties," he added. An Apple spokesperson underlined the company's contribution to the employment market in Germany, saying its iOS app economy supported 250,000 jobs. "We look forward to discussing our approach with the FCO and having an open dialogue about any of their concerns," said the spokesperson in a statement. Following the first stage of the probe, the cartel office said it might then look at other specific issues after it received complaints from "several companies against potential anti-competitive practices." This included a complaint against the company's alleged tracking restrictions of users in connection with the introduction of the iOS 14.5 operating system. It added that complaints had also been filed by app developers disputing the usage of Apple's system for in-app purchases. 
Germany's tougher stance against the digital giants came after new EU draft legislation unveiled in December aimed at curbing the power of the internet behemoths that could shake up the way Silicon Valley can operate in the 27-nation bloc. The push to tighten legislation comes as big tech companies are facing increasing pressure around the globe, including in the United States, where Google and Facebook are facing antitrust suits. Besides looking at the reach of the companies, scrutiny often extends to privacy issues. In its investigation targeting Google, for instance, the German cartel office said it was examining if consumers who wish to use the search engine giant's services "have sufficient choice as to how Google will use their data". The multinationals are also facing a crackdown from Western governments seeking to claw back taxes which they fear had been channeled unfairly into tax havens. Germany and France have joined calls from the United States to impose a global minimum corporate tax of at least 15 percent, a move that targets multinationals like Amazon and Google. Follow this thread on OUR FORUM.