|
|
|
Researchers Release Bootkit Code Targeting Windows 7
By: Brian Prince
2009-05-07
Article Rating:  / 4
There are 6 user comments on this Network Security & Hardware story.
Two security researchers open-source code that can be used to take control of versions of the Microsoft Windows 7 x64 operating system. The team decided to release the code despite initial reservations over security.Security
researchers have made available for download the source code for a "bootkit" that
allows hackers to take control of Microsoft's Windows 7 operating system.
Dubbed
Vbootkit
2.0, the software was first presented by researchers Vipin Kumar and Nitin
Kumar at the Hack In The Box security conference in Dubai
in April. At the conference, the two researchers demonstrated how attackers
could circumvent security features implemented in the kernel and gain
control over Windows 7 (x64).
"It
hooks the basic hard disk reading mechanism, the INT
13h method, then waits for read requests," Vipin Kumar told eWEEK in an
e-mail. "When it finds a known signature, it patches the file in memory
and the process continues till we reach the kernel."
The
attack can be blocked using BitLocker Drive Encryption and the Trusted Platform
Module, and as demonstrated requires physical access to the system.
"If
one has this kind of unrestricted access, one can do many things to compromise
the system," a Microsoft spokesperson pointed out. "BitLocker, in
addition to data encryption, can also help protect against physical-access
attacks with its secure-boot technology. The feature uses a Trusted Platform
Module (TPM 1.2) to help ensure that a PC running Windows 7 has not been
tampered with while the system was offline."
However,
the BitLocker feature is not slated to be available in all editions of Windows
7, just the Enterprise and Ultimate
versions.
"We
would really like Microsoft to release one single edition with all features
available to all user[s] instead of crippled editions," Kumar wrote.
"Right now BitLocker and TPM are only available in the high-end
versions."
While
it may be possible to modify the code to launch
an attack remotely, Kumar explained that the level of effort required makes
it unlikely.
"We
are not concerned that someone might modify the code to make it remote-capable
because before he puts this much effort into Vbootkit, he might really have
some easier ways to get the job done than Vbootkit," Kumar wrote.
"Moreover, if that happens then it's time for security/anti-virus
companies to put some more hard work [in] and detect Vbootkit at run-time."
Due
to concerns about misuse, the researchers had not made the code widely
available until now. Kumar explained that malware
developers always find a way to launch attacks, and that there are easier
ways to accomplish the same goal than Vbootkit.
"All
we are trying [to do] is help more people understand the real enemy, malware So,
this might trigger up new ideas in [the] security industry to help solve the
problem," Kumar wrote. "We are still using age-old methods ... to
detect malware."
| | Reader Comments: Researchers Release Bootkit Code Targeting Windows 7 | | >>> Post your comment now!
| | Argument against "One Windows"I do wish MS would reduce the variety of flavors of Windows, but I don't want them to go all the way and only provide one release.
Arguing that... Posted At: 07-12-09
By: Brian | | | | | | A user comment on this articleHMMM....Other OSs are targeted, Mac OSX is now on the radar of just about every hacker out there. Look at the work that the guys from Metasploit have... Posted At: 05-14-09
By: Annyed at Ignorance | | | | | | security researcher breachedWell Why not have all the security researcher company make their own OS that is virtually fool proof?
as far the the bootkit being made and being... Posted At: 05-12-09
By: notsotechie | | | | | | Get RealAny open source code that is realeased, is just that, open source. The fact that Vipin and Nitin released this does not make them liable for... Posted At: 05-11-09
By: Annyed at Ignorance | | | | | | AccomplicesThese two are little better than blackmailers and accomplices to the criminals who will employ this tool to hack Windows 7.
They are... Posted At: 05-09-09
By: Annoyed - At Them | | | | | | security snafuI could not agree more with the Kumars that Microsoft failed to learn from its Vista adventure. Even if it persists on having multiple flavors of... Posted At: 05-08-09
By: Stratocaster | | | | | | >>> Post your comment now! | | | | | |
|
 |
|
|
�������xr㶲0;; ʷ♵MR%bY^f&uT� I)Rl+9%]%3n�BKL}�.
h4��}Aȅ3&�ל۔O]sSãw�$C�!2I-*rdz&j9%G�jL7�R}f]S� ���L|A�(��{��#�K&�OV`MھlM1e�ck_gp��,c�w
h{=Dm@�~5;��r�!&2{8�K;;"?*B�]2IXަu�ɷ~{Xd�;�S�[�BT�|DJ�k4ً�ʏшqGOП�ad^x/4��U'i3[_��Sա(v�2%v+!6^�;�r9Fȹ�׳oGni�=7dc7l#2�5NR�ZB[��4�HmCc7`pm׃)KTQ3#}j�ݳt#ԳFu|ף&Y�!&�$f��v?ĭ�Q�I&���qO-%F^80'C8:)X̠�e[7'0ml_j|��uvs<"s~7 j�d��1KU
6� �C p==\'��xtTa_dY7;�Ͱ-6@6cM-���*R< x�Z������k��ɥzl$i3)����N,�"['lji][W^['�7bٚXC�ji@�e$�X�]�,EY}Y4[ۧ��w�:�R��ڟ�+H*}m
p�Oy�$~~z>54�01\�]Z-�Jjg$���PE$Y)r$:w.�!}Ow|�nr2GrI/]o,�beQ
�5f`XӀ7�? eR2\
L9���X@.@ש#04ǯiV=<<䭱BGQ�liBu��V�!0N�D=jSf�I�r(,e��g{@�N)��61t�kM`3R˼��ĿI�K2_VJ�-ɿEh+dԌө$ɛ!"G�9x�W��,ʹ��c�䁉1SUҽT7ws
iغ�T09;�N>]/7+De,Ⱥ
35-wnzˬ�;\g\?k5[Mһ^��["OtvSjZim;N"5d}4>ljAGA�ticšϭ@7&��hC}ҍ:L� ���wG|�H{� }!PI}H�)gv�*z(tH hA'r=�kJ�ׇ.[??��
;
G`r]��;�hk
=Dt��#X`���V��<���2+?>�f�n@�}SȀ�|`@=XS9nвAc@
��T�#!E+LTBYah�]s�6/r�~kN�4;M�80��Nݡe-6m*IH�-qݻ(�Qܧ&�;oæ˘c_��� #���>(cpHl`_��t`@B^C��� &@SZ_F�k���ZCSDܔwц.�[к|XX�]oL�;*УCkzxMV9ë#߬'p�pZC}`/�cԧ8P�Ⱥ]0�UESUG�;[+؝?�F����M���6B4!$Ծ �X�� x@�7*(SӞͥjXX'�RN�.x[Z6Gc�M"
�$rm?QdW᧘�V�Qpj/�u2|[\Y3
Q�|l8`Ĕ�)Ԩ�5U�V�*~e�/�zoΊ.EՌLtPȐ�hNǓ�W�ȡ5Th7 �8U��PG*lpϛ3GD�*@7Z �ɦ~gZ
�gy>cIR|5Y��N�כ~x6�M=/@#J,7ƹ�7<�qƃ~�wB�y@*F_H_MϺ��BN�7axެxP�E�u/�O�i_RLFd�*T~�!\y�Rfzg]a+s�|4O?{R�T
kݿy��Wni�=3�ݸ,`YEn;&};砩gqɜ�]/� �\'��!�̀X'v-7Y4Pp�2^uK*~x�VO�[)4�\D"p-�ƍnp�8v/�W�kc{~N��ka6p֩r�Zg�P*HA:er,×?�Yq*
2,ҕK�Oe3~1�8@أ=�y}�d:
C�5C+ijBcEr�`�3K?�-$N�V}m4eH�$6Pq+�$X˴��I>�O��
��wA�*�}/*\E�IvSITT7zog�W�oT~Z�U�ts��UIfT.jZ��l[)Uʹ�f>"�4a!��X>�bxyO��P?l]�Z.+a�d>C���`t>�X8��'?�lGD �pL�+���xo~.RHC$ |J8��A*�����[�/Ix6]S�0:ld}G]ItM??"�Cu/YӾrLX8�u~_w:UGA�QAZ=gq o2
}Uj_6[:"c�_>^w?]6vů-Ӹoٷ��!�K1Nc�bw}lɾ3z^^5Ga
.ZgCF@�ɁUN~#t��ۗKߧ5wL.ڗ-)�^{%<�rLAj\?^�'d�}
szj\�6b�7L`jX&IyqD#S�5C2҃a++�H0 BX5'�^rt%�V}kr�!qjP6h�M�{k*q�
Bb/�3�bA!I|JܙAPc��{ ~�P)'$��v%�c/�2��BL0B�D_�XJI�!)W$f'e�KHkN
N�x=|
r
/Uщk
]^�4~ y*~y:~_dxD���'BٰGg15\6Igҽ8 $CebS`݃�_.Z�s;�Ыi!�Q2�7��?xKP .Mu?Ro2MD�Y{�.Nl�{-~=P��Rv��PR)&|v(I�;
ݖ>h,5K2)!M\�'(RL P6lO&y=%lQ1 i(KBi%�lbTHJoO�wո�4<1ޥ]WxvIq綱��yx9*iA�(5�~q�.�H�>a')-�GH
T䵤�
W[dUH.~��oJ.�6�
T�Vz@0�H�r刜|1{~�U=IАYc=p>}愜1;z[5e's
Cw+�i{}pҹ2CWq�j�:�+`)=$�XH�!Hn
e_-"2gNIJn/��}L�z�d<
,f��Jf�Z��Ҽ2iAh��3�O7n�C\j`l_�c(5?_gpKw�
�zK[,rK"K�q
Ԉ@jhir"N,s`U�zH^8�؈ڃ}�v�U6�m>=�=S��Z�~D� Rf7�O�m]N���i���j.Όs�$��gr0G �*y�h�\v�[w5&pQx66�y��)1hTRwop8�lv8�w
-��6N(�
6��V8U� �W_÷zgVy{�rx�|[vz��_cLRF<��U�5p1-[K/�!]9?3�[Gͨ_>�=�s�(u��߂[AƧSˁ]mY±ZC�bc&'��@
tG5Q)��v�oYö#@_�;*8QUIة
&o��S4!\�,f�n3�Yx ߯�WC//uMj۪n�Y�aЗ�[q$OtIr.t�t&9�wگ4į@*�Y)+$~K'ԡ#�^g`/Xu1�FrH%_Yx^\_J 2�-Gk�e�}㽄̓y3[f-dGgMy.}^'zo>�S�XGL0G�do��SCᰜ�`�L:ioQ� }�*'�c:a(q��]�[�18|K}wXjB{��e�St�:#�S^�>v�c"
Q��jGW�K`[Q Q?ZgYE6�T�_&��ǣ+5q�Yǔ����IUI?�xE�]V��{� ܒJ\~[��*U�j)4xK�b1$$iy5a�JH&n<*s22>t
͔>yba߭K=^��!`�eݦ^03g�G<,F'\@+J4Z)1Z/?/:]gTojߐ|DX+Lw�l`+L�a�l,SD��|\)vӔLv{KH�"8�7�94!K*i�^|Mr� Sl
Bo�$ܨS_4Î2!%KǙO)�
Ŋ�6So��-�[�Q0)�Zx��?��V%K�,/
JMzGmw�"YtS*u{8
�u$�0ZV0W�n�8$!��=&�bb-�9lKV�`hG0jag���.5<@$F|](Vf"!���!BxoK=��!�v�z}OVےUմC�vǰ@4fMJ�Z$QUH%*mB�C�Q�sOmAӊ&�ԟS5%^IĞS
uj墣t�('ć]٭h�c"���Ap$�G�8I�����>
!!.6Dge V*(�[]D)>^I0G݂զj%ku�F�
�V�HX#��s}/�213��F�'4444}KaQ^�˫38_>[7)C
tzQ���ϺE�Lf^rm˟HbefwM�#�8J;�� NE�$jYIy��_}%q�%T ([Rَ[\�f(_nH�*NJ��]lQ�Z�욮끒]P�l��ŞkB� a�}fQi��FH�?�ĖYxi���YHmR�Eu�qŚ1T!�*?1!5�קo9?��>�t AuG0ԆZmc>,>F ѢrKS]r9�Թ�`�v�6�`sWfJ�MŦP�`"`ҋ�
2TP=/qq�S,�RG_H
ۣ�B�Aa;])ZAD�q-
�!2�]HB�0��!��H�W�u/ڒN/NBA�0ݴƾԄ�0t��H�*�Q`E��CaŷFR�5>:e�3鑁c)��:gLs>&
>�-i�jxm9 �BeN-�Tte��VTFR䪛L%mܑ1111�S�R�S#�ˁZ:�*{t�6Q̦�ebiAٖI1H��HX
D8$Q�{!K���Ѱ6�RN/v*�襯L|��gaI
[:9Um4\TF){C/qzAed�4ny�p(��B��"7C�EF]�_ߥYF,P�a�;I-�KD�="
@�Qɺ}u2gl�gu4̯m;!�AY�;Xlw3�:t�&5
yּ��N-yi}Irx`�P=3k۳B!BoZ_$^n��ءcϖ�xr\�$n��"A�!J�d|`FϘ#Lc7#~m3Zl1l\@]3�Jh��9UX��(3�BUS��-:�iqۏ=�co[ry+�dϺ��4W�Wھ'
Mn6�vRzJLܱǯ:�G�]�\�#le5̝�7Bx/3Uoi�x�uQ7%eA(�E^ff5�� Nm exi&]$5�?hVr�6`��l�j[���ǼYQZ\g3@VD\[ˮ#{tѕorY(4VBˬeObr,NJӺ҇�
z�� ʬ��$Q3
ƹ�'�fbEX2̭�n gn�ix/�Vj�p]@Dh�=@/]�/c�&ܹN,cW?j�闶Upcy6���Ǘy�P�\�'o�>#ql1E+lZ�gj�w �.P4>��>F�Dr~�x̴��J5n;*��|h�]=�ErU����|So|Պ�[NiҡQ7
�X �=�[jT�nCĽ����[?_�4��D(Z/,� 3,K?c"��)=Mᣥ)*a섆T}fɷ�wQ>Lcf2Q�ȏB�Q
Q�EҐ�� ��I¢�Zt�O|�ȸ�Q?|(8�j
�K=p�V8��doLj{~ޚ~OF�òbݵ#�⟎W𝤊Z�GA�KDŦWN�gv@RCְjb`!�v�p�#Ld�Ԥ �ly4ˠ~D?�SM=1W>�i.V8΅c�{+94i[<,IbJb�f�iA i!F�{�Kb+^J7{F$�яpkJj%�5��V>9)r59#G�S��^�a)qc�)@5ˋ��|��AE&Lj?g[c���ek{`�ɣ3#ԄWN�pU)
&
��GZJ>�?y9~�hC\Y
�?�m��=umvX50{�,s3ki_?%Eѽ^��3B0O�yX~��m� e~=Wlm?ڒV�o5JzK(ӘALN`��r;c��±@�4@G�"ͨȁXJ0[1 K}�F�FV>G6ފb
=$T� a
2�T�]x]�-'|͌Vk�!.\,�OcLz""�#
� Ĉ[ bV&wb"7A6po<|WP�ʕ�U+'=~2hp����̊XH�t4*$:��m;e6LIx##�Ii3`wk+�փފ> 3A@:-u@�y2vAf.B��0
k5!�-0
h_M{ha�Ȑ�X]s���x2Cۑ7�0L}AYxv�Ԙ8�!� ȅL] C/,a�]ąՊ�ֽ'!��_M}C4-l�� \S-vr)GoZ˞r�Ѝ�Qݾ ?1!��@��LzaXIAX#�hb��G#=�nrj5�-i`Kk ��x
�D�z�ŗ)cDRPiF�}�tKXaيbP!e�"�۾bl��Uo%P`�qT83nj�t�s99̣2qts�\jJ�I�$!Ѕ8�i,)@"!��9͉�
Q�>��a_?X/�à�� s���3fWtVjE))J]U0u�!xW`ǪZJܬWv"6n?�U.4!W�)WPh����r##vGC�Th`��uP }a3bqOtv
/{M�"O'Uݽ$'
^¶-r5�ut_NW_ڗe?W?*6z;��6/M&ƋBrfe(A.��S�r?�si.$�/"Gcɂw�]%;飲<�/ĩ;�^< v�L"a^e=DM@
:� �ǨMOA~ټnzZ6R[NA��|vuQ5#!u>'8nzF�h9j�/;&}*�5=V0.8���S^u'V�ԼV(۸�r��ȿ
FF~��HMA
�?g�� v~ޜnfF>?ϴ/3e//�E�|XꝌ;��N�|o'��O'�?��'c�N�}v>;�2
_eԿ�Π�1�1>_?m�)>C|�}�}
d�d
M�%:IX g+8=R�dr�z)A^dկ�?e�,#�3YY�zvAe^e\12ௗeߗ�dlھ:6
q�ʕx�^S_xښꖽQqۭM��n@+G{2Ti�
k{
yD
2�s hxWYd�bd�
b{Xe?~VP�枔u�]�CR�M�z.!{%])2-XѦ�Z}5y^9=U2�6C�K}}:�ʾ "%/ܻ�CznQ�'��L2~�4'Ԏ"lOApr�c>v=na��x�&`�?&�S�.�ph;:ُG{w8 <0/qކr�H�'+?
|4;(^�i3Q*�5íEY�R�78��zp2�7}e\ �㌠��v�K
�!�V`l}�Tq4
j5%pJ!�J81�|�HM��3wN08
a箩-g�zFJ�]#DK(� |@-|1k"R1 ͛Y�.�Mu/�/� {_C1��C����f@)%�6b/`{�z5��hOs`�6&6neP!7a4�uv[F0��S|wL�35<>8Mqgq�D4;�o0]Z=*ȾwJ=C�[�%["i�
T |�d�L$pgB-[�{He��˦]&!Aٰ��(�A|s˸ 2Fd jJr�X\NC˦X`-yC/b)WO�,jq{��E�˫aBOwI{ x6v,Ӆ�VЫ���w���;�n�uV<�k,%f�]3&2�S'@��0~�7��Zz`L�,i`Arb��Wu�Z��JDpt#by��ܝ4ڀPJ]Hv禄�3�Ky
rؖ.?f
}uk6daﺮF)\DEK5 X 9cσ6-@�k0Cuϻz!_L �8$´
�dd3bĽ@<�u
61-d�t{z$_XO"K=v�`t[&x(8�"�2HH�2s�{B�|'Z�{J\fA2,��K�YN܇Є0�t\VẄ }+,RDvZ+F2}juP#춯Hϵ�=8�*c)M�Y��~l'PU�E0P�=Cb�sǣ�4H�:���u�8�:\5�m$�=�I�Kh4�[5��b8�gKJ'Ҥwvg�cw]/I)�H[aȹD.Iw��vAgL3[Y,�&���/ă_|
3�/bz`#8}k,XoMD�
,[K�|�iK�i�_)�yc<��Z�@n0$ �o�)�i�M1xu!AY��=٭^��!0�p,\f h|�}�ρ XsCQ%7
�=[+H�ʍt�/�A�st28_43@FOD07"���im"sEt䕲�%�(Xp^'A6ls�w6E~�b�ȉȎ�ly�J6/�՜GċOxmѵhO�Ql>-��#]^Fc`p
ۂ{ʐXhW��e�J@)�tnO˞K˰��ANx3AE�K^��rX�ѻ"gq�{h݁G��0q۷P�l@��xQ�b��G�:qSr26M���Q�pC�ؕE'�l�dsk'gycE]Y>�Ѝ
�01ngFb���
�fφŀ�n{L�6���^f+3s묟ƫ�R6Ȥ{� �m�PC�ik=R+�Eq�
sXǼVwWRڱ!�;r/D?8�@
ca, ��;fcJ
�,�oԛ'TS*a#o�*�;AN7�Wm���S$��˩;[8S'�>�Ep%Ӫro4lQ�_zc|>۳zw� _jPo|{ ŗ$ASX?�X :+�7�q�XҩY5?_.Z+�c~�s<^F}刻T3uG?�]?;��5z_[ayBcFLl4�7њE:�?C[7nyIOM),h#/-(j�LJ`��!XFپ,�u+ߴeF5<��#@gkf5U+k;idMn+:cSEᘸe=9TV}pv&|(lS24s�_jj)Bj�xTʉY3J̭�q;�f¦[Hh
�b�f�ղ�Jo_+��
|
Network Security & Hardware 
