Researchers release Win 7 rootkit exploit code
Should we? Shouldn't we? Oh, go on then...
Security researchers have released a proof-of-concept rootkit for Windows 7, in the hopes that its availability will assist in the prompt development of an antidote.
Indian security researchers Vipin Kumar and Nitin Kumar demonstrated the toolkit, dubbed Vbootkit 2.0, at the Hack In The Box security conference in Dubai last month. Initially the security boffins wanted to keep the code under wraps, in case malicious hackers latched onto the approach.
They've since had second thoughts, prompting them to release the code for Vbootkit 2.0 under an open source licence, in the belief that its availability will assist the work of other security researchers.
As things stand, Vbootkit 2.0 doesn't lend itself to remote attack. It might also be thwarted by features such as BitLocker hard drive encryption and the Trusted Platform Module, in cases where this feature is available and enabled. BitLocker is only due to be available in Enterprise and Ultimate versions of Windows 7.
The Kumars are concerned that the attack approach against Windows 7 they have unearthed might be modified by skilled miscreants to develop remote attacks, hence the decision to give white hat security researchers a leg up in developing defences. They also want to make the case to Microsoft that it ought to make improved security features available across all versions of Windows 7, not just the higher-end versions.
"We would really like Microsoft to release one single edition with all features available to all user[s] instead of crippled editions," Kumar told eWeek. "Right now BitLocker and TPM are only available in the high-end versions." ®
"...use symantec arguments..."
Yes, Norton is the root of all evil ;)
I only read the title and comments
Please help me understand,
Are you saying win7 is the rootkit, or are you saying the exploit is the rootkit, and if i install win7 as a dual boot with vista will the rootkit, whichever one it is affect my vista rootkit, or will i have to get a seperate exploit to rootkit that.
Why can I not get just one rootkit and have done with the whole business.
I agree competition is good ie M$vLinuxvMacox or whatever, however when it comes to rootkitting why not just one that does all, there is enough confusion already without adding to it.
Now does this/these rootkits work better on a Dell or an Acer and what hardware/chips/gpu's etc should I require to run the "Ultimate" rootkit.
Just to point out, the TPM is a hardware feature, not a software feature.
The TPM simply stores the key used by BitLocker drive encryption. And there are also plenty of free hard drive encyption tools that can be used.