Boot-time Malware Comeback

24 April 2009
Security researchers Nitin Kumar and Vipin Kumar announced and demoed at HITB Dubai 2009 the second version of Vbootkit, a boot-time rootkit that is designed to crack open Windows 7. The operating principle is quite simple - while the bootloader only loads signed binaries, nothing in Windows 7 (or in any other version of Windows, for that matter) checks that what was loaded into memory is actually what gets executed, which gives the boot-time rootkit a way to load and run unsigned code with kernel privileges.

Running the bootkit itself is quite another matter - to do so, an attacker would need physical access to the targeted machine in order to insert a disk containing the kit - at least, if Vbootkit 2.0 works anything like 1.0.

It's either that, or tricking the user into booting from an infected disk. Not impossible, but not easy either.

Razvan Stoica is a journalist turned teacher turned publicist and technology evangelist. When BitDefender isn't paying him to bring complex subjects to wide audiences, he enjoys writing fiction, skiing and biking.

Comments:

mac said on Apr-29-2009 22:36

Interesting method! Hmmm!

sleep number beds said on Oct-20-2011 19:39

The operating principle is better. We are glad to see this.
