ITW x64 TDL3 rootkit

[Boyfriend]

Alureon: The First ITW 64-Bit Windows Rootkit (Courtesy of Microsoft)

[Boyfriend]

Wikipedia (Kernel Patch Protection)

Kernel Patch Protection (KPP), informally known as PatchGuard, is a feature of x64 editions of Microsoft Windows that prevents patching the kernel.
....
Because of the design of the Windows kernel, Kernel Patch Protection cannot completely prevent kernel patching. It should be noted that Kernel Patch Protection only defends against device drivers modifying the kernel. It does not offer any protection against one device driver patching another.

Weak protection is offered by KPP, even lower than advertised/expected. TDL3 patches miniport driver and easily bypasses KPP protection.

[Ceyfer √]

New functioning malware for a new platform, but uses the old dissemination trick.

Not new after all. Just be vigilant! ...a simple awareness will do.

[safeguy]

Because of the design of the Windows kernel, Kernel Patch Protection cannot completely prevent kernel patching.[7] This led the computer security providers McAfee and Symantec to say that since KPP is an imperfect defense, the problems caused to security providers do not outweigh the benefits because malicious software will simply find ways around KPP's defenses.[15][25]

Just because a robber can force break entry into your house doesn't mean you should leave it wide open. I've been thinking of upgrading to 64-bit for some time but since I'm still with 3GB RAM and most software developers currently have a preference for 32-bit (e.g. 32-bit version = free while 64-bit version = you must pay), I'm sticking with 32-bit for now. And not to mention security apps that are 'weakened' by PatchGuard...such as Sandboxie. I'll wait...