A Driver Signed By Microsoft Secretly Carried Rootkit Malware

When a company like Microsoft signs a new driver, you usually assume that program is safe to download and install on your machine. However, when one of those drivers ends up carrying malware, you rethink those assumptions a bit.

Microsoft recently signed a driver called Netfilter which, as it turns out, carried rootkit malware that spread through the gaming community. Rootkit malware hides its own presence and works its way into areas of your computer or system that are normally off-limits without administrative privileges.

This driver was connecting to command-and-control servers for Chinese malware, even though it had passed through the Windows Hardware Compatibility Program (WHCP).

In response, Microsoft says it will be “refining” its certificate signing process, including both partner access policies and validation, in an effort to avoid this type of situation with future drivers.

To ease concerns somewhat, this malware only works “post-exploitation,” which means it needs administrative permissions on your PC before it can run. According to Engadget, you would likely need to go out of your way for this driver to actually affect your system.
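The practical lesson of the story is that a valid Microsoft signature on a driver tells you who signed it, not whether it is safe. The script below is an added example written for this article (it is not Microsoft's code, and it contains no indicators from the Netfilter case): it inventories the kernel drivers currently running on a Windows machine, reads each binary's Authenticode signer, and marks the ones signed through WHCP, which carry the “Microsoft Windows Hardware Compatibility Publisher” subject rather than the “Microsoft Windows” subject used for Microsoft's own inbox drivers. It assumes an elevated Windows PowerShell 5.1 session; the function and parameter names are the example's own.

```powershell
# Added example for this article, not code from Microsoft or the article's author.
# Lists running kernel drivers with their Authenticode signer so that third-party
# drivers signed via WHCP can be reviewed separately from Microsoft's own.
# Assumes an elevated Windows PowerShell 5.1 session on Windows 10 or later.

function Get-DriverSignerInventory {
    [CmdletBinding()]
    param(
        # Subject CN that WHCP-signed third-party drivers carry (assumed constant name).
        [string]$WhcpSignerCN = 'Microsoft Windows Hardware Compatibility Publisher'
    )

    # Win32_SystemDriver covers kernel-mode drivers; keep only those currently loaded.
    $drivers = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName }

    foreach ($d in $drivers) {
        # PathName may be an NT path (\??\C:\...) or use \SystemRoot; normalise it.
        $path = $d.PathName -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot', $env:SystemRoot
        if (-not (Test-Path -LiteralPath $path)) { continue }

        # Windows PowerShell 5.1 also honours catalog signatures here; on older
        # hosts catalog-signed inbox drivers can show up as NotSigned.
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        $signerCN = if ($subject -match 'CN=([^,]+)') { $Matches[1] } else { '(unsigned)' }

        [pscustomobject]@{
            Name       = $d.Name
            Status     = $sig.Status            # Valid, NotSigned, HashMismatch, ...
            SignerCN   = $signerCN
            # True for drivers that obtained their Microsoft signature through WHCP,
            # i.e. the population a driver like Netfilter belonged to. The flag is a
            # review queue, not a verdict: most WHCP-signed drivers are legitimate.
            WhcpSigned = ($signerCN -eq $WhcpSignerCN)
            Path       = $path
        }
    }
}

# Usage: put WHCP-signed and unsigned drivers at the top of the listing.
Get-DriverSignerInventory |
    Sort-Object -Property @{ Expression = 'WhcpSigned'; Descending = $true }, Name |
    Format-Table Name, Status, SignerCN, WhcpSigned, Path -AutoSize
```

The point of grouping by signer rather than by vendor name is exactly the one the article makes: a driver in the WHCP-signed group passed Microsoft's process, so the signature check alone will always come back “Valid”. The value is in reviewing what is in that group (vendor, install date, and, where you have it, network behaviour such as the command-and-control traffic described above), not in the signature status itself.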