Researchers show how to take control of Windows 7

cartel

Banned
Local time
2:59 AM
Messages
93
Location
Hope, BC
Security researchers demonstrated how to take control of a computer running Microsoft's upcoming Windows 7 operating system at the Hack In The Box Security Conference (HITB) in Dubai on Thursday.
Researchers Vipin Kumar and Nitin Kumar used proof-of-concept code they developed, called VBootkit 2.0, to take control of a Windows 7 virtual machine while it was booting up. They demonstrated how the software works at the conference.
"There's no fix for this. It cannot be fixed. It's a design problem," Vipin Kumar said, explaining the software exploits the Windows 7 assumption that the boot process is safe from attack.
While VBootkit 2.0 shows how an attacker can take control of a Windows 7 computer, it's not necessarily a serious threat. For the attack to work, an attacker must have physical access to the victim's computer. The attack can not be done remotely.
VBootkit 2.0, which is just 3KB in size, allows an attacker to take control of the computer by making changes to Windows 7 files that are loaded into the system memory during the boot process. Since no files are changed on the hard disk, VBootkit 2.0 is very difficult to detect, he said.
However, when the victim's computer is rebooted, VBootkit 2.0 will lose its hold over the computer as data contained in system memory will be lost.
VBootkit 2.0 is a follow-up to earlier work that Kumar and Kumar have done on vulnerabilities contained in the Windows boot process. In 2007, Kumar and Kumar demonstrated an earlier version of VBootkit for Windows Vista at the Black Hat Europe conference.
The latest version of VBootkit includes the ability to remotely control the victim's computer. In addition, the software allows an attacker to increase their user privileges to system level, the highest possible level. The software can also able remove a user's password, giving an attacker access to all of their files. Afterwards, VBootkit 2.0 restores the original password, ensuring that the attack will go undetected.

http://www.networkworld.com/news/2009/042309-researchers-show-how-to-take.html

http://www.dslreports.com/forum/r22290008-Researchers-show-how-to-take-control-of-Windows-7
 

My Computer My Computer

At a glance

Windows 7 SP1 Ultimate 64bitAMD Phenom II X4 940OCZ PC8500 Platinum 4GBSapphire HD4870 1GB 256-bit GDDR5
Computer Manufacturer/Model Number
ME!
OS
Windows 7 SP1 Ultimate 64bit
CPU
AMD Phenom II X4 940
Motherboard
ASUS M4A79 Deluxe (BIOS 3603)
Memory
OCZ PC8500 Platinum 4GB
Graphics Card(s)
Sapphire HD4870 1GB 256-bit GDDR5
Sound Card
HT Omega Claro
Monitor(s) Displays
ViewSonic G220fb still rocks
Screen Resolution
1600x1200@85hz
Hard Drives
160GB Seagate 7200.10 Sata
150GB WD Raptor 10,000rpm Sata
PSU
Corsair TX950W
Cooling
Zalman 9700NT
Keyboard
Logitech Standard
Mouse
Microsoft SideWinder
Internet Speed
5.26MB down 0.86MB up
Other Info
APC BackUps 900VA
Hi Cartel

Not new news but still relevant I guess. The only problem with that exploit is that the attacker HAS to have physical access to the machine as it cannot be run remotely to install, and it's only a memory resident so a simple reboot fixes it unless the attacker uses the opportunity to install some other backdoor while they have the system compromised. And that part should be picked up by a good AV's heuristics & firewall with good user notification of new processes asking for access.

As a "Proof of Concept", they're trying to make a point to MS about the boot process, but those attacks are severely limited in scope due to the fact that to compromise the boot process, the attacker has to have access to the machine.
 

My Computer My Computer

At a glance

Vista Ult 64bit - Windows 7 Ult 7264 64bitIntel Core 2 Duo E67504 G's Crucial Ballistix TracerBFG Nvidia 8800 GTS 340
Computer Manufacturer/Model Number
Personal Build
OS
Vista Ult 64bit - Windows 7 Ult 7264 64bit
CPU
Intel Core 2 Duo E6750
Motherboard
Asus Commando
Memory
4 G's Crucial Ballistix Tracer
Graphics Card(s)
BFG Nvidia 8800 GTS 340
Sound Card
Creative Sound Blaster X-FI Platinum FATAL1TY
Monitor(s) Displays
2-22" HP W2207 LCD
Screen Resolution
1920 x 1080
Hard Drives
3 x 500G WD Caviar SATA II
PSU
Enermax Noise Taker II 600W
Case
NZXT Lexa Classic (dual doored & windowed)
Cooling
Zalman 9700 CPU cooler - 4 x 120mm, 1 x 90mm fans
Keyboard
Logitech MX 5500
Mouse
Logitech MX Revolution
Internet Speed
Blazing...
Back
Top