At the conference Hack In The Box Security held in Dubai this week, two security researchers have demonstrated a takeover of a virtual machine Windows 7 when it starts up. A feat made possible through a program of their design weighing just 3 kb and named VBootkit 2.0. A version number which suggests a precedent that had taken advantage of a bug in Windows Vista in 2007.
With their proof of concept using the wrong operating system to come from Microsoft, Vipin Kumar and Nitin Kumar priori may raise some concerns, especially as reported by the About Network World reported: "He ' there is no fix for this problem. This cannot be corrected. This is a design problem. "
VBootkit 2.0 modifies the files loaded by Windows 7 in the memory system during the boot process. Thus, no files on the hard drive is modified, making VBootkit 2.0 very difficult to detect but "consideration", a reboot makes obsolete the safety problem (garbage collection system.)
What already reassure but a more limiting factor to any attack is that VBootkit 2.0 cannot be installed remotely and the attacker must have physical access to the victim machine. Following is another story with remote control, elevated user privileges, remove the user password and therefore access to all files. A password is restored after attack, leaving no trace.
source : windowsxlive.net
Saturday, May 9, 2009
0 comments:
Post a Comment