World's First Win 8 Rootkit Invented
According to independent security researcher Peter Kleissner, the details of a rootkit exploit for the upcoming Windows 8 operating system have been published, reports infosecurity-magazine on November 28, 2011.
Kleissner earned a reputation in the security community for creating the Stoned bootkit, a refined form of rootkit designed to load from the master boot record and stay resident in memory throughout the boot process. The earlier version of the bootkit (Stoned) was compatible with Windows XP through Windows 7, but the new version created by Kleissner also works with Windows 8.
The security researcher claimed that the new bootkit, Stoned Lite, comprises an infector file of 14 kilobytes. The bootkit can also be started from a USB drive or CD, as highlighted on the Ars Technica website during the third week of November 2011.
Kleissner also considered the addition of "in-memory patching of msv1_0!MsvpPasswordValidate." That exploit, which has been confirmed against Windows XP as part of a bootkit, changes the password validation routine in Windows so that it accepts any password for an account.
This new version also comprises a boot loader with a number of security features for preventing malware and security breaches. It also includes a requirement that any software loaded at boot time be authenticated with a valid digital signature. This feature is something of a malware killer, as it blocks any undefined or unsigned software from loading into memory before startup. However, the new boot loader has raised concern in the open source world, as Linux distributions such as Red Hat and Ubuntu do not come with a digital signature.
Kleissner also made Microsoft aware of his creation and provided the company with the source code of the bootkit.
However, this new dimension of innovation only came to the fore after September 2011, when Microsoft announced the added Secure Boot feature, which protects Windows 8 against any kind of threat.
Secure Boot prevents malware attacks and makes Windows 8 significantly more resistant to any kind of low-level attack. Also, when a virus gets onto a PC, Windows can authenticate boot components and safeguard them from any attempted malware attack on the system, Microsoft reported during the third week of November 2011.
» SPAMfighter News - 05-12-2011