New Version of Stoned Bootkit Said to Bypass Windows 8 Secure Boot


    Posted: 19 Nov 2011
    A security researcher who has in the past created low-level rootkits capable of staying resident on an infected machine after reboots said he has now accomplished the same feat on Windows 8, which hasn't even hit the shelves yet. Peter Kleissner said he has created a new version of his Stoned bootkit that defeats the pre-boot security checks included in the forthcoming OS and survives reboots.

    Kleissner is known in the security community for his creation of the Stoned bootkit, a sophisticated form of rootkit that is designed to load from the master boot record and stay resident in memory throughout the boot process. The previous version of the bootkit was designed to work on Windows XP through Windows 7, but the new one that Kleissner has written also works on Windows 8. He said in a message on Twitter Thursday that Stoned Lite is a small footprint bootkit that can be loaded from either a USB stick or a CD.

    He said he may also add some other functionality to the software in the near future.
    Source

    A Guy
    Posted By: A Guy
    19 Nov 2011
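
The article above describes a bootkit that loads from the master boot record, and the replies below turn on BIOS versus UEFI booting. As an added example (not part of the original thread and not Kleissner's code), this Python sketch parses a 512-byte sector 0 image, reports whether it is a legacy MBR or a GPT protective MBR, and compares the bootstrap code against a recorded baseline hash; the function names and sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # bytes 0..439: bootstrap code area
PART_TABLE_OFF = 446         # four 16-byte partition entries start here
GPT_PROTECTIVE = 0xEE        # partition type used by a GPT protective MBR


def inspect_mbr(sector: bytes) -> dict:
    """Parse one 512-byte sector 0 image and summarise what boots from it."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype:  # type 0x00 marks an unused slot
            parts.append({"active": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "gpt_protective": any(p["type"] == GPT_PROTECTIVE for p in parts),
        "partitions": parts,
    }


def boot_code_changed(sector: bytes, baseline_sha256: str) -> bool:
    """True when the bootstrap code no longer matches the recorded baseline."""
    return inspect_mbr(sector)["boot_code_sha256"] != baseline_sha256


def make_sample(boot_code: bytes, ptype: int) -> bytes:
    """Constructed sector: given boot code, one active partition, signature."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x02\x00", ptype,
                        b"\xff\xff\xff", 2048, 204800)
    body = boot_code.ljust(PART_TABLE_OFF, b"\x00") + entry + bytes(48)
    return body + b"\x55\xaa"


if __name__ == "__main__":
    clean = make_sample(b"\xfa\x33\xc0" + b"\x90" * 64, 0x07)    # constructed
    baseline = inspect_mbr(clean)["boot_code_sha256"]
    altered = make_sample(b"\xeb\x3c\x90" + b"\x90" * 64, 0x07)  # constructed
    print(boot_code_changed(clean, baseline), boot_code_changed(altered, baseline))
```

Take the sector image from offline media where possible, since a resident bootkit can filter disk reads made from the running OS.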



  1. Posts : 4,049
    W7 Ultimate SP1, LM19.2 MATE, W10 Home 1703, W10 Pro 1703 VM, #All 64 bit
       #1

    I thought (that I read) that only affects BIOS booting and not UEFI booting.
    Last edited by lehnerus2000; 19 Nov 2011 at 21:33.


  2. Posts : 4,161
    Windows 7 Pro-x64
       #2

    Everything begins at/from the BIOS. The BIOS hands over control to the first byte of the MBR/VBR. That can be an EFI, OS loader or whatever is put there.


  3. Posts : 4,049
    W7 Ultimate SP1, LM19.2 MATE, W10 Home 1703, W10 Pro 1703 VM, #All 64 bit
       #3

    Replacement


    I'm reasonably sure that UEFI replaces the BIOS.

    From Wikipedia:

    "The Unified Extensible Firmware Interface (UEFI) is a specification that defines a software interface between an operating system and platform firmware. UEFI is a more secure replacement for the older BIOS firmware interface, present in all IBM PC-compatible personal computers, which is vulnerable to bootkit malware."

    The Linux "guys" are all screaming that Windows 8 Secure Boot is actually to prevent the installation of Linux operating systems (not to prevent Rootkits).
    Last edited by lehnerus2000; 19 Nov 2011 at 22:46. Reason: Additional


  4. Posts : 4,161
    Windows 7 Pro-x64
       #4

    It's not a total "replacement". The UEFI is firmware and software that takes control of the hardware interrupts but it does NOT completely replace the BIOS. POST and SETUP are NOT part of UEFI.

    Source (NOT Wiki)


  5. Posts : 4,049
    W7 Ultimate SP1, LM19.2 MATE, W10 Home 1703, W10 Pro 1703 VM, #All 64 bit
       #5

    It's a useless additional point of failure then


    carwiz said:
    It's not a total "replacement". The UEFI is firmware and software that takes control of the hardware interrupts but it does NOT completely replace the BIOS. POST and SETUP are NOT part of UEFI.

    Source (NOT Wiki)
    Interesting.
    Thanks for that link. :)

    So it is a completely useless disruption to the "established order of things".
    Just another thing that can prevent a PC from functioning.

    I only pointed at Wiki, because I read something on another blog and I wanted to see if it matched.


  6. Posts : 4,161
    Windows 7 Pro-x64
       #6

    Well, it's "said" to be safer but I don't see how. There's already malware that will emulate a UEFI interface. Nasty ones too. They just sit back and monitor EVERYTHING on your computer. Then "serve" it up.


  7. Posts : 4,049
    W7 Ultimate SP1, LM19.2 MATE, W10 Home 1703, W10 Pro 1703 VM, #All 64 bit
       #7

    Scam?


    carwiz said:
    Well, it's "said" to be safer but I don't see how. There's already malware that will emulate a UEFI interface. Nasty ones too. They just sit back and monitor EVERYTHING on your computer. Then "serve" it up.
    It seems to be just another layer that can be compromised.

    Perhaps it's just a money-making scam (for the suppliers).

    Maybe the Linux "guys" are right after all.


  8. Posts : 4,161
    Windows 7 Pro-x64
       #8

    Don't know about scam. All the "biggies" have their hands in the spec and implementation is voluntary. I suppose it's advancing the PC technology as the BIOS runs on 16-bit addressing. UEFI can run 32 or 64 bit depending on the OS. The problem is that it's just a shell-based system. It calls other programs and that's what I think is the weak point. There's supposed to be a special secure partition for the software but that just hints of the same security problems as the MBR. If it can be written, it can be re-written.


  9. Posts : 53,363
    Windows 10 Home x64
    Thread Starter
       #9

    Good information, thanks for sharing

    A Guy


 