
Microsoft Confirms it Signed Malicious ‘Netfilter’ Drivers


Microsoft says the Netfilter drivers used to distribute rootkit malware were signed as part of the Windows Hardware Compatibility Program.
(Illustration: dem10 / Getty Images)

Microsoft confirmed that it gave its seal of approval to Netfilter, a malicious driver used to distribute rootkit malware, as part of its Windows Hardware Compatibility Program (WHCP).

BleepingComputer reported that Netfilter was publicly disclosed by G Data researcher Karsten Hahn on June 17. The Microsoft Security Response Center officially recognized the issue on June 25; Hahn offered more information about how the malware functioned that same day.

“Since Windows Vista, any code that runs in kernel mode is required to be tested and signed before public release to ensure stability for the operating system,” Hahn said in the follow-up blog post. “Drivers without a Microsoft certificate cannot be installed by default.
