Security Leak for W7 (already !)

jimbo45

Hi all
This looks like an interesting find. Although it represents a problem when they used a Virtual Machine, this sort of stuff could possibly work on a REAL machine as well.

It works on the basis that W7 assumes the Boot process is safe. This is where AV software has a problem, since the OS has to START before the AV software (or anything) can run. -- Or at least the kernel must load enough of itself to allow an application program (the AV software for example) to be loaded and executed -- too late by then.

Windows 7 hack opens OS to attackers News - PC Advisor

Not yet in reality but still it's a possible warning for Security to be tightened up yet again.

Cheers
Jimbo
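The trust gap described above (the OS assumes everything that ran before it is clean, and AV starts too late to know otherwise) is what a measured boot is meant to close: each stage hashes the next one before handing over control and folds that hash into a running measurement, so a stage patched in memory before the kernel runs still changes the final value. The toy chain below is an added illustration, not code from the thread or from any Windows component; the stage images, stage names and the "golden" value are all constructed stand-ins.

```python
"""Added example: a toy measured-boot chain (not from the forum thread).

Each stage is hashed *before* it executes and the hash is folded into a
one-way running measurement, the way a TPM PCR extend works. A bootkit that
patches a stage after it is read from disk (disk files untouched) still
produces a different final measurement than the known-good one.
"""
import hashlib

# Constructed stand-ins for the boot chain: boot manager -> OS loader -> kernel.
# Real images are PE files; short byte strings are enough to show the mechanism.
CLEAN_CHAIN = {
    "bootmgr": b"boot manager v1",
    "winload": b"os loader v1",
    "ntoskrnl": b"kernel image v1",
}
STAGE_ORDER = ("bootmgr", "winload", "ntoskrnl")


def extend(measurement: bytes, data: bytes) -> bytes:
    """PCR-style extend: new = H(old || H(data)). One-way, and order-sensitive."""
    return hashlib.sha256(measurement + hashlib.sha256(data).digest()).digest()


def measure_chain(stages: dict) -> bytes:
    """Measure every stage in boot order, starting from an all-zero register."""
    pcr = bytes(32)
    for name in STAGE_ORDER:
        pcr = extend(pcr, stages[name])
    return pcr


def boot_is_trusted(stages: dict, golden: bytes) -> bool:
    """Compare the final measurement with the value recorded on a known-good boot."""
    return measure_chain(stages) == golden


def simulate_in_memory_patch(stages: dict, name: str) -> dict:
    """Model a bootkit hooking one stage in memory; the on-disk copy is unchanged."""
    patched = dict(stages)
    patched[name] = stages[name] + b" <hooked>"
    return patched


# Constructed "golden" value, as it would be sealed at provisioning time.
GOLDEN = measure_chain(CLEAN_CHAIN)

if __name__ == "__main__":
    print("clean boot trusted:", boot_is_trusted(CLEAN_CHAIN, GOLDEN))
    tampered = simulate_in_memory_patch(CLEAN_CHAIN, "winload")
    print("patched boot trusted:", boot_is_trusted(tampered, GOLDEN))
```

The check only helps if the measuring stage itself is trusted (hence the chain starts in firmware or hardware) and the golden value is stored where the patched stage cannot rewrite it.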
 

While VBootkit 2.0 shows how an attacker can take control of a Windows 7 computer, it's not necessarily a serious threat. For the attack to work, an attacker must have physical access to the victim's computer. The attack can not be done remotely.

VBootkit 2.0, which is just 3KB in size, allows an attacker to take control of the computer by making changes to Windows 7 files that are loaded into the system memory during the boot process. Since no files are changed on the hard disk, VBootkit 2.0 is very difficult to detect, he said.




A good way to tighten this up would be to initialize a (BIOS) system boot password.... then tie a chain around it, attach an anchor, then throw overboard :D
 

This sort of stuff could easily be installed on a computer by running any old application in a Browser.

How many people on this site still use those online Driver scanners or Registry cleansers without 100% checking? Even a single program run from a browser like Check your IP can install "unwanted" stuff.

However blocking Browsers is not the easiest task in the world -- most users want to USE their computers conveniently - not jump through hoops to get an application to work -- and with emphasis on "Content delivery" and "The Cloud" more and more applications will have to be "Browser enabled".

It's easier securing a "Static OS" -- much more difficult when you are in a highly dynamic environment and have the potential resources of the entire web available for "hacking".

Anyway that's what the Security guys are paid to do -- fix this stuff.

Cheers
jimbo.
 

This sort of stuff could easily be installed on a computer by running any old application in a Browser.


For the attack to work, an attacker must have physical access to the victim's computer

:sarc:
Not everything can be "easily installed" via the web browser. And as far as I know, Seven uses IE8 by default with protected mode... (and other browsers are not less secure... nobody will install IE6 on Seven!) So it would be hard to make an attack which needs physical access via the web browser on Seven.

This kind of attack is like hacking the BIOS of your computer before the OS boots... really hard to do remotely ;)
 

If you have to physically access a computer to put malware on it, why don't you just steal the computer?
 

If you have to physically access a computer to put malware on it, why don't you just steal the computer?

Because you're 007 and you don't have room in your Aston Martin :D
 

I am 007. ;)
 
