Hi all
This looks an interesting find although it represents a problem when they used a Virtual Machine but this sort of stuff could possibly work on a REAL machine as well.
It works on the basis that W7 assumes the Boot process is safe. This is where AV software has a problem since the OS has to START before the AV software (or anything) can run. -- Or at least the kernel must load enough of itself to allow application program (the AV software for example) to be loaded and executed -- too late by then.
While VBootkit 2.0 shows how an attacker can take control of a Windows 7 computer, it's not necessarily a serious threat. For the attack to work, an attacker must have physical access to the victim's computer. The attack can not be done remotely.
VBootkit 2.0, which is just 3KB in size, allows an attacker to take control of the computer by making changes to Windows 7 files that are loaded into the system memory during the boot process. Since no files are changed on the hard disk, VBootkit 2.0 is very difficult to detect, he said.
a good way to tighten this up would be to initialize a (bios) system boot password.... then tie a chain around it, attach an anchor, then throw overboard
This sort of stuff could easily be installed on a computer by running any old application in a Browser.
How many people on this site still use those online Driver scanners or Registry cleansers without 100% checking. Even a single program run from a browser like Check your IP can install "unwanted" stuff.
However blocking Browsers is not the easiest task in the world -- most users want to USE their computers conveniently - not jump through hoops to get an application to work -- and with emphasis on "Content delivery" and "The Cloud" more and more applications will have to be "Browser enabled".
It's easier securing a "Static OS" -- much more difficult when you are in a highly dynamic environment and have the potential resources of the entire web available for "hacking".
Anyway that's what the Security guys are paid to do -- fix this stuff.
Cheers
jimbo.
My Computer
At a glance
Linux CENTOS 7 / various Windows OS'es and se...Intel i7 Intel i58GB, 16GBOn Motherboard
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom built, several laptops HP/ASUS
OS
Linux CENTOS 7 / various Windows OS'es and servers
:sarc:
Everything can not be "easily installed" via the web browser. And As Far As I know Seven use by defaul IE8 with protected mode...(and other browser are not less secure.. nobody will install IE6 on Seven!) So it would be hard to make an attack which need physical access via the web browser on seven.
This kind of attack is like hacking the Bios of your computer before the OS boot... really hard to do remotly
