Rootkits on your Soundcard? Could be!

John Heasman of Next Generation Security Software Ltd is well known for bringing us a research paper on how rootkits could use the Power Management section of a BIOS to hide themselves. That paper showed us how rootkits could move away from residing on a user's hard drive and onto a computer chip on a motherboard. John has come up with a new research paper entitled “Implementing and Detecting a PCI Rootkit”, in which he shows us how to plant a rootkit on a regular device like a sound card or modem plugged into a computer motherboard.

The research paper, available for download as a 15-page PDF, shows how to implement and detect a PCI card rootkit that can be used with any operating system, XP and Linux to name but two.

PCI rootkits can reside on sound cards, modems, network cards, capture cards or any other PCI device that has an Expansion ROM and no Trusted Platform Module or ROM write protection. Most current PCI devices are susceptible to this form of rootkit infection, although newer models have some form of ROM protection.

An attacker can place rootkit code in the Expansion ROM of any PCI device that has no ROM protection. When the PC boots up, the code in the ROM is called by the PC startup sequence (POST, Power On Self Test). The code that runs can in turn be used to “fool” the booting operating system into believing that there is no threat aboard.

This research paper was published so that anti-rootkit software makers can adapt to any potential threat of a rootkit attack via the PCI bus.
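On the detection side, a dumped Expansion ROM can be audited offline. The sketch below is an added example, not code from the paper or from this post: it walks the images in a dump using the standard PCI Expansion ROM layout (55AA signature, "PCIR" data structure, legacy checksum) and compares each image with a known-good baseline. The function names, the vendor/device IDs and the sample image are constructed for illustration.

```python
import hashlib
import struct

def parse_option_rom(rom):
    """Return one record per image found in a PCI expansion ROM dump."""
    images, off = [], 0
    while off + 0x1A <= len(rom):
        if rom[off:off + 2] != b"\x55\xaa":
            raise ValueError(f"no 55AA signature at {off:#x}")
        p = off + struct.unpack_from("<H", rom, off + 0x18)[0]  # PCIR pointer
        if p + 0x18 > len(rom) or rom[p:p + 4] != b"PCIR":
            raise ValueError(f"no PCI data structure at {p:#x}")
        ids = struct.unpack_from("<HH", rom, p + 0x04)  # (vendor, device)
        size = struct.unpack_from("<H", rom, p + 0x10)[0] * 512
        code_type, indicator = rom[p + 0x14], rom[p + 0x15]
        body = rom[off:off + size]
        if size == 0 or len(body) != size:
            raise ValueError("image length is zero or runs past the dump")
        images.append({
            "ids": ids, "code_type": code_type,
            "checksum_ok": code_type != 0 or sum(body) % 256 == 0,  # legacy x86
            "sha256": hashlib.sha256(body).hexdigest(),
        })
        if indicator & 0x80:  # bit 7 set: last image in this ROM
            break
        off += size
    return images

def audit(rom, expected_ids, known_good):
    """Check a dump against the card's IDs and a set of trusted image hashes."""
    findings = []
    for n, img in enumerate(parse_option_rom(rom)):
        if img["ids"] != expected_ids:
            findings.append(f"image {n}: IDs {img['ids']} do not match the device")
        if not img["checksum_ok"]:
            findings.append(f"image {n}: bad legacy checksum")
        if img["sha256"] not in known_good:
            findings.append(f"image {n}: hash not in known-good baseline")
    return findings

def build_sample_rom(filler=b"\x90"):
    """Constructed 512-byte legacy image for demonstration (IDs are made up)."""
    rom = bytearray(filler * 512)
    rom[0:3] = b"\x55\xaa\x01"                 # signature, size = 1 block
    struct.pack_into("<H", rom, 0x18, 0x1C)     # pointer to PCIR structure
    rom[0x1C:0x34] = struct.pack("<4sHHHHB3sHHBBH", b"PCIR", 0x1234, 0x5678,
                                 0, 0x18, 0, b"\x04\x01\x00", 1, 0, 0, 0x80, 0)
    rom[-1] = (-sum(rom[:-1])) % 256            # make the bytes sum to 0 mod 256
    return bytes(rom)
```

A valid checksum is not evidence of integrity, since whoever rewrites the ROM can recompute it; only the comparison against a trusted copy of the vendor's image flags a modified ROM.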

Keep Safe

regards
Steo