Rootkits, more emerging threats

The Black Hat Briefings in Las Vegas are a pointer as to the direction that particular IT trends are going. With six presentations this year dedicated to Rootkits it shows that Rootkits are fast becoming a bigger threat to users.

Gone are the days when authors wrote Rootkits for bragging rights. They are now written more by attackers trying to get their hands on sensitive information that users may have on their PC or companies on their network.

Currently the method of installing and running rootkits is to place them on the hard drive of a person’s PC and have the rootkit hide itself from all but the best anti-rootkit scanners.
This year at Black Hat, Joanna Rutkowska, a senior researcher at COSEINC, a Singapore-based security company, demonstrated how rootkits could be installed at an even lower level than they are at the moment and thus provide more stealth and ultimately more longevity.

Joanna Rutkowska showed how she could use AMD’s Pacifica hardware virtualization to install a rootkit and malware into Microsoft’s new operating system, Vista. Another similar method using Intel’s VT-x virtualization extension can also be used. According to Dino Dai Zovi, principal with Matasano Security LLC, rootkit authors can use VT-x to install malicious code that is inaccessible to the running operating system, hiding and controlling access to blocks on a disk.

There is also proof-of-concept code available to install rootkits into the BIOS of your computer, although this is hard to achieve and there are no known active rootkits circulating.
John Heasman has been experimenting with using the Advanced Configuration and Power Interface (ACPI) specification, which handles power management functions in most computers, to copy data from the BIOS to the operating system. “It continues to surprise me what you can do with it,” he said. This sort of rootkit would survive reboots and would be hard to find.

There are some interesting days ahead in the rootkit world and researchers like Joanna Rutkowska and John Heasman are way ahead in their thoughts on the next attack vector.

Whatever will be next?

Keep Safe

regards
Steo
www.antirootkit.com
