Rick_27

Kudos

  1. Upvote
    Rick_27 gave kudos to itman in A Clear and Present Danger Lurking in Win 10/11 - Continued   
    For those who missed this posting in the Malware section of the forum: https://forum.eset.com/topic/34454-new-whql-rootkits/ , a China-based individual posted that he had submitted to Eset Virus Lab 31 attestation-signed kernel mode drivers that were rootkits.
    At the time of the posting, which was a month ago, only one vendor at VirusTotal detected these drivers, which was CrowdStrike Falcon, as suspicious with a final malicious verdict. It took Eset Virus Lab two days to determine that these drivers were indeed malicious rootkit drivers and issue a signature for them. Assume that if the poster never submitted these drivers to VT, they would still be floating around in the wild infecting Windows installations.
    I again ask: is it not time Eset started warning about attempted attestation-signed driver installation?