Distance Education
Stoned bootkit (It installs itself in the MBR and can bypass encryption)
Dr4c0nius | Date: Thursday, 2009-08-13, 10:57 AM | Message # 1
http://www.stoned-vienna.com/

In a kind of nerdy, oh-shit-my-computer way, I'm scared by this.


Oderint dum metuant

<locokamil> Your belief system is thermodynamically unsound.

 
HaydenJohns | Date: Thursday, 2009-08-13, 11:38 AM | Message # 2
Quote
Stoned Bootkit is a new Windows bootkit which attacks all Windows versions from XP up to 7. It is loaded before Windows starts and is memory resident up to the Windows kernel. Thus Stoned gains access to the entire system. It has exciting features like integrated file system drivers, automatic Windows pwning, plugins, boot applications and much much more. The project is partly published as open source under the European Union Public License. Like in 1987, "Your PC is now Stoned! ..again".

There's your problem...

In all seriousness, this is just another program for script kiddies to play with. Security follows the same pattern:

Crackers discover a security flaw
Linux gets a patch to fix said flaw
Crackers use it to screw up a few thousand Windows computers
In the process of making the new Linux patch, a few minor glitches are discovered and fixed.
A few weeks later, a patch is released by Microsoft - but it will only install on "Windows Genuine Advantage" certified systems

Wash, rinse, repeat. It's happened before (ping of death, for example), and it will happen again.


~ Click it
 
Dr4c0nius | Date: Thursday, 2009-08-13, 1:46 PM | Message # 3
Actually, I've been looking at this for a while, ever since it got demoed at DEF CON. There is no underlying flaw to the Windows OR Linux platforms. This loads itself BEFORE the OS, and as such it can read everything typed regardless of operating system. Think of it as a keylogger (in the most simple use), but one that runs BELOW the kernel.

This is probably the most usable one out there, but similar MBR bootkits and BIOS rootkits have been produced. One actually loaded itself into the memory of PCI cards and could survive even if the BIOS was overwritten.

Let me repeat that again: the company has targeted mainly Windows because of its market share, and due to the generally greater technological knowledge of Linux users; however, I would imagine that this kind of thing could easily target, say, RHEL, or Ubuntu, or OS X with only minor modifications.

To fix this, presumably Linux could refuse to load if it detects MBR modifications, but that is kind of... irritating.


Oderint dum metuant

<locokamil> Your belief system is thermodynamically unsound.

 
HaydenJohns | Date: Thursday, 2009-08-13, 2:52 PM | Message # 4
I was making a bit of a tongue-in-cheek jab at Windows there. Not serious.

Still, what I said holds: The technology will update to fix the issue.

And if it becomes an issue with Linux, there'd probably be a warning placed on the loading screen or something as a temporary fix. I'd say the same for Windows, but when it's a closed company working on it, it would take a bit longer.


~ Click it
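
An added example, not part of any post in this thread: one way to implement the MBR-modification check suggested in message # 3 and the warning idea in message # 4. It hashes the boot code, disk signature and partition table of sector 0 separately and compares them with a stored baseline; the function names and the sample sector bytes are constructed for illustration.

```python
import hashlib

SECTOR_SIZE = 512
# Classic MBR layout: boot code, disk signature area, partition table, 0x55AA.
REGIONS = {
    "boot_code": slice(0, 440),
    "disk_signature": slice(440, 446),
    "partition_table": slice(446, 510),
}
BOOT_SIGNATURE = b"\x55\xaa"


def fingerprint(sector: bytes) -> dict:
    """Hash each MBR region separately so a report says what changed."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    return {name: hashlib.sha256(sector[span]).hexdigest()
            for name, span in REGIONS.items()}


def changed_regions(baseline: dict, sector: bytes) -> list:
    """Return the names of regions whose hash differs from the baseline."""
    current = fingerprint(sector)
    return [name for name in REGIONS if baseline.get(name) != current[name]]


def read_first_sector(path: str) -> bytes:
    """Read sector 0 of a disk image or block device (needs read access)."""
    with open(path, "rb") as disk:
        return disk.read(SECTOR_SIZE)


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector: padded boot code, one bootable entry."""
    entry = (bytes([0x80, 0, 2, 0, 0x07, 0xFE, 0xFF, 0xFF])
             + (2048).to_bytes(4, "little") + (204800).to_bytes(4, "little"))
    table = entry + bytes(48)
    return boot_code.ljust(440, b"\x00") + bytes(6) + table + BOOT_SIGNATURE


if __name__ == "__main__":
    clean = build_sample_mbr(b"CLEAN-BOOT-CODE")    # constructed bytes
    altered = build_sample_mbr(b"OTHER-BOOT-CODE")  # constructed bytes
    baseline = fingerprint(clean)                   # keep this copy offline
    print("clean  :", changed_regions(baseline, clean))
    print("altered:", changed_regions(baseline, altered))
```

Take the baseline and run later checks from trusted boot media against the offline disk, since code resident below the kernel can falsify what the running system reads from sector 0.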
 