[6] The malware drew considerable public attention when a software bug in its code caused some 32-bit Windows systems to crash upon installation of security update MS10-015.
Microsoft subsequently modified the hotfix to prevent installation if an Alureon infection is present.[7] The malware author(s) also fixed the bug in the code.
In November 2010, the press reported that the rootkit had evolved to the point that it was bypassing the mandatory kernel-mode driver signing requirement of 64-bit editions of Windows 7.
Major advancements include encrypted communications, decentralized control using the Kad network, and the deletion of other malware.
[12][13] While the rootkit is generally able to avoid detection, circumstantial evidence of the infection may be found through examination of network traffic with a packet analyzer or inspection of outbound connections with a tool such as netstat.
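The following Python sketch is an added example, not part of the original article. It goes one step beyond the sentence above by combining both sources it names: it lists external connections from `netstat -ano` output and flags flows in a packet capture that the host's own listing does not show. The addresses (documentation ranges), the `INTERNAL` network, and the capture format are constructed assumptions.

```python
import ipaddress

# Assumption: the monitored LAN; anything outside it counts as external.
INTERNAL = [ipaddress.ip_network("192.168.1.0/24")]

# Constructed sample of `netstat -ano` output from the suspect host.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    192.168.1.20:49712     203.0.113.45:443       ESTABLISHED     3120
  TCP    192.168.1.20:49713     192.168.1.5:445        ESTABLISHED     4
  TCP    192.168.1.20:49720     198.51.100.7:80        TIME_WAIT       0
"""

# Constructed sample of (source, destination) flows from an off-host capture.
CAPTURE = [
    ("192.168.1.20:49712", "203.0.113.45:443"),
    ("192.168.1.20:49801", "198.51.100.99:80"),
    ("192.168.1.20:49713", "192.168.1.5:445"),
]

def host_of(endpoint):
    """Return the address part of 'addr:port' (IPv6 is written '[addr]:port')."""
    return endpoint.rpartition(":")[0].strip("[]")

def is_external(endpoint):
    addr = ipaddress.ip_address(host_of(endpoint))
    return not any(addr in net for net in INTERNAL)

def netstat_outbound(text):
    """Map (local, remote) -> PID for TCP rows whose remote end is external."""
    conns = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP" or f[3] == "LISTENING":
            continue  # header, UDP rows (no State column) and listeners
        if is_external(f[2]):
            conns[(f[1], f[2])] = int(f[4])
    return conns

def unreported_flows(netstat_text, capture, host_ip):
    """Captured external flows from host_ip that the host's netstat omits."""
    listed = netstat_outbound(netstat_text)
    return [(s, d) for s, d in capture
            if host_of(s) == host_ip and is_external(d) and (s, d) not in listed]

if __name__ == "__main__":
    for (local, remote), pid in netstat_outbound(NETSTAT).items():
        print(f"listed      {local} -> {remote} (PID {pid})")
    for s, d in unreported_flows(NETSTAT, CAPTURE, "192.168.1.20"):
        print(f"not listed  {s} -> {d}")
```

A flow can also be missing from the listing simply because the connection closed before the netstat snapshot was taken, so a hit is a lead to correlate by timestamp rather than proof of infection.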
The "FixMbr" command of the Windows Recovery Console and manual replacement of "atapi.sys" may be required to disable the rootkit functionality before anti-virus tools are able to find and clean an infection.
[14] As of February 6, 2012, two of these individuals were extradited to New York for running a sophisticated operation that used Alureon to infect millions of computers.