FYI...
64-bit banker rootkit spies on online customers
- http://www.h-online.com/security/new...s-1247881.html
23 May 2011 - "... Kaspersky has discovered* another rootkit with 64-bit Windows support: a variant of the Banker rootkit is targeting the access credentials of online banking customers in Brazil. The malware is injected into systems via a hole in an obsolete version of Java and first disables the Windows User Account Control (UAC) feature so that it can go about its business without being interrupted. It then installs bogus root certificates and modifies the HOSTS file in such a way that victims trying to access the banking web site are redirected to a phishing site operated by the criminals. The injected certificate prevents the browser from issuing an alert when establishing an encrypted connection to the phishing site, and the victim is left unaware. Kaspersky says that the malware also deletes a security plug-in used by various Brazilian banks. Unusually, the malware installs a custom system driver to uninstall the security plug-in and modify the HOSTS file. On 64-bit Windows systems, this requires some effort because Microsoft's Kernel Patch Protection (PatchGuard) prevents unsigned drivers from being installed. As 64-bit Windows installations still have a relatively small market share, rootkits with 64-bit support are currently still quite rare; a 64-bit version of the Alureon/TDL rootkit was discovered last November..."
* http://www.securelist.com/en/blog/11...also_to_64_bit