Symantec warns of 64-bit Windows Trojans

Symantec has warned of a new Windows 7 Trojan that can elevate the privileges of any restricted process to administrator level, without the user's permission or knowledge.

The latest fully patched versions of Windows 7 are vulnerable to backdoor.Conpee Trojan, warned Mircea Ciubotariu, a security response engineer at Symantec, on a company blog.

The new Trojan targets both 32-bit and 64-bit versions of Windows 7, adding to the growing weight of evidence that malware writers are redesigning their software to bypass security features in 64-bit Windows, said Ciubotariu.

The 64-bit version of Windows 7 and Vista included Kernel Mode Code Signing and Kernel Patch Protection, that were intended to make them less vulnerable to malware.

But backdoor.Conpee and the recently-discovered Backdoor.Hackersdoor Trojan have both been shown to infect 64-bit operating systems, said Ciubotariu.

“What was just a theory not so long ago is now being used in-the-wild by [these] threats,” he warned.

The Hackersdoor Trojan is able to bypass the driver signing system used in 64-bit Windows using stolen certificates.

Symantec first detected this type of infection in December 2011, and while the number of infections seen in the wild since then have been modest, it appears the malware writers have been using it as a test case, added Ciubotariu.

“It proves, once again, the length malware creators will go to achieve their goals,” he said.