A Certain Proof-of-Concept Program Can Exploit Vista DRM
A researcher working on Internet security has released proof-of-concept code that attackers could use to manipulate Windows Vista's DRM (Digital Rights Management) protections to conceal their malware.
Alex Ionescu has said that he has created a program that can enable and disable protection on Vista processes arbitrarily. Vista is Microsoft's latest operating system. Osnews published Ionescu's claim on April 12, 2007.
Microsoft's Vista requires PC hardware and software drivers to detect anomalous behavior through so-called "tilt bits". For instance, if the voltage fluctuates unusually, bus signals glitch, a function call returns an unexpected code, a device register does not hold the expected value, or anything similar occurs, a tilt bit is set.
Screenshots on Ionescu's blog show the program running successfully. One shows stack information for a process that Vista protects by default; retrieving that information with Process Explorer normally produces an error message, but in Ionescu's screenshot the information becomes visible once the protection has been removed.
Security experts are currently testing the program's binary, which is available for download on the Internet. Fraser Howard, a senior virus researcher at security vendor Sophos, told ZDNet U.K. that the code appears workable. Howard was able to run it on his PC but, at the time, could not get it to protect and unprotect processes.
Howard further said that, although no source code is available, the program appears to do what it claims, such as removing a process's protection. That means it may equally be possible to add protection to processes. News.zdnet published this on April 12, 2007.
The binary is intentionally obfuscated to hinder reverse engineering and abuse of that knowledge, Howard said. It certainly uses a driver, which is at odds with Microsoft's documentation discouraging the use of drivers to evade the protection system, he said. News.zdnet published this on April 12, 2007.
Since Vista currently lacks critical vulnerabilities, attackers looking for flaws to exploit have shifted their attention to other widely used software.
SPAMfighter News - 20-04-2007