New Kernel mode threats

First up we have Atsiv - a signed driver that lets you load un-signed drivers on Vista x64:

http://www.symantec.com/enterprise/security_response/weblog/2007/07/driver_signing_on_vista_64bit.html

Next we have this interesting blog from Symantec about the kernel mode rootkit / spam engine that was dropped on hacked machines, apparently by some of the 'Italian Job' hacked sites . . .

http://www.symantec.com/enterprise/security_response/weblog/2007/06/spam_from_the_kernel_fullkerne.html

What I find interesting is that the media made a big deal about the '10,000 hacked web sites' using IFRAMEs to inject malware into vulnerable PCs . . . they didn't really talk about *what* that malware was or how it works or how many potentially owned PCs there are as a result of the mass-compromise.

Published 01 August 07 12:29 by Robert_Hensing
