« Google Chrome Update Addresses 2 Security Flaws | Main | Thousands of Vulnerabilities Detected In FAA's Air Traffic Control Apps »

Researchers release Win 7 rootkit

"Security researchers have released a proof-of-concept rootkit for Windows 7, in the hopes that its availability will assist in the prompt development of an antidote.

Indian security researchers Vipin Kumar and Nitin Kumar demonstrated the toolkit, dubbed Vbootkit 2.0, at the Hack In The Box security conference in Dubai last month. Initially the security boffins wanted to keep the code under wraps, in case malicious hackers latched onto the approach.

They've since had second thoughts, prompting them to release the code for Vbootkit 2.0 under an open source licence, in the belief that its availability will assist the work of other security researchers."

Read more: http://www.theregister.co.uk/2009/05/08/win7_rootkit_poc/


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!

Their rationale is highly suspicious- the problems that lead to them being able to execute code in Windows are fundamental security problems with desktop computers and something that needs to be fixed at a basic architectural level. Their "rootkit" loads off of removable media during the computer's boot process, prior to an OS on disk loading. How exactly do they propose a swift solution to the two truths- if the attacker has direct physical access to the computer you have lost, and if integrity is compromised prior to your code running, your code is compromised?

The only technical solution would be additional controls during the boot sequence, but this is a problem that people have been working on for decades without much progress (the best we have is password protected BIOS, TPM, and Encryption- none of which really help against this attack). The problem ultimately is that they are looking for technical controls to prevent physical tampering (since that is the attack vector for their boot attack), when physical controls are the best prevention for physical tampering.

Boot set to hard disk first, a password protected bios, and a tamper proof case that prevents the CMOS battery from being pulled would thwart 90% of attempts to execute this attack. The key is a tamper proof case- a physical control for a physical problem.