<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	
	xmlns:media="http://search.yahoo.com/mrss/"
	>

<channel>
	<title>The Inquisitr &#187; rootkits</title>
	<atom:link href="http://www.inquisitr.com/tag/rootkits/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.inquisitr.com</link>
	<description>The Better Mix</description>
	<lastBuildDate>Tue, 14 Feb 2012 20:06:19 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.3.1</generator>
		<item>
		<title>Bootkit &#8211; the next generation rootkit terror</title>
		<link>http://www.inquisitr.com/31615/bootkit-the-next-generation-rootkit-terror/</link>
		<comments>http://www.inquisitr.com/31615/bootkit-the-next-generation-rootkit-terror/#comments</comments>
		<pubDate>Sun, 02 Aug 2009 03:40:19 +0000</pubDate>
		<dc:creator>Steven Hodson</dc:creator>
				<category><![CDATA[Technology]]></category>
		<category><![CDATA[bootkits]]></category>
		<category><![CDATA[encryption]]></category>
		<category><![CDATA[rootkits]]></category>
		<category><![CDATA[security]]></category>

		<guid isPermaLink="false">http://www.inquisitr.com/31615/bootkit-the-next-generation-rootkit-terror/</guid>
<description><![CDATA[<br />I remember well the noise that was made when word of rootkits began to surface. They were nasty little suckers that threatened to bypass your security programs and load all kinds of nasty buggers onto your computer. It was one of these rootkits that got SonyBMG into really big trouble in 2005 when it was [...]<p><a href="http://www.inquisitr.com/31615/bootkit-the-next-generation-rootkit-terror/">Bootkit &ndash; the next generation rootkit terror</a> is a post from: <a href="http://www.inquisitr.com">The Inquisitr</a></p>
<br /><br /><br />]]></description>
			<content:encoded><![CDATA[<p><center><img title="bootkit" border="0" alt="bootkit" src="http://www.inquisitr.com/wp-content/bootkit.png" width="495" height="184" /> </center>
<p>I remember well the noise that was made when word of <a href="http://en.wikipedia.org/wiki/Rootkit">rootkits</a> began to surface. They were nasty little suckers that threatened to bypass your security programs and load all kinds of nasty buggers onto your computer. It was one of these rootkits that got SonyBMG into really big trouble in 2005 when it was discovered that their music CDs were installing them as part of their DRM effort.</p>
<p>Well, it seems that the next generation of these horrors has now arrived on the scene and is going by the name of ‘bootkits’, and these bootkits make the rootkits look like boy scouts. It was announced at the Black Hat conference, where its creator, 18-year-old Peter Kleissner, showed how the bootkit, called Stoned, was capable of bypassing a TrueCrypt encrypted partition and system encryption.</p>
<p>Stoned, the bootkit, combines a rootkit with the ability to modify a PC’s Master Boot Record which enables malware to be activated even before the operating system is started. Kleissner’s bootkit is able to infect all available 32 bit varieties of Windows from Windows 2000 to Windows Vista along with the most current Release Candidate of Windows 7.</p>
<blockquote><p>Stoned injects itself into the Master Boot Record (MBR), a record which remains unencrypted even if the hard disk itself is fully encrypted. During startup, the BIOS first calls the bootkit, which in turn starts the TrueCrypt boot loader. Kleissner says that he neither modified any hooks, nor the boot loader itself, to bypass the TrueCrypt encryption mechanism. The bootkit rather uses a &quot;double forward&quot; to redirect I/O interrupt 13h, which allows it to insert itself between the Windows calls and TrueCrypt. Kleissner tailored the bootkit for TrueCrypt using the freely available TrueCrypt source code.</p>
<p>Once the operating system has been loaded, Stoned can get to work and install malware, such as a banking trojan, in the system. Peter Kleissner, who is only 18 years old, has also included several plug-ins, for example a boot password cracker and a routine for infecting the BIOS. The framework layout of Stoned allows other programmers to develop their own plug-ins for the bootkit. Kleissner thinks that Stoned could also be of interest to investigation agencies, for example for developing a federal trojan.</p>
<p>Source: The H-Security :: <a href="http://www.h-online.com/security/Bootkit-bypasses-hard-disk-encryption--/news/113884">Bootkit bypasses hard disk encryption</a></p>
</blockquote>
<p>Interestingly enough, the bootkit will not work under two conditions. The first is if the computer is using the successor to the BIOS – known as the <a href="http://en.wikipedia.org/wiki/Extensible_Firmware_Interface">Extensible Firmware Interface (EFI)</a>. The second is when the drive is encrypted using Windows' own BitLocker encryption mechanism.</p>
<p>For anyone old enough, the use of Stoned as a name for this bootkit should bring back some memories, as this was also <a href="http://en.wikipedia.org/wiki/Stoned_virus">the name of a silly but irritating virus back in the late 80s</a> which I do remember quite well even though I never got hit by it.</p>
<p><a href="http://www.inquisitr.com/31615/bootkit-the-next-generation-rootkit-terror/">Bootkit &ndash; the next generation rootkit terror</a> is a post from: <a href="http://www.inquisitr.com">The Inquisitr</a></p>
]]></content:encoded>
			<wfw:commentRss>http://www.inquisitr.com/31615/bootkit-the-next-generation-rootkit-terror/feed/</wfw:commentRss>
		<slash:comments>2</slash:comments>
	
		<media:thumbnail url="http://www.inquisitr.com/wp-content/bootkit.png" />
		<media:content url="http://www.inquisitr.com/wp-content/bootkit.png" medium="image">
			<media:title type="html">bootkit</media:title>
		</media:content>
	</item>
		<item>
		<title>CPU poisoning affects Intel systems</title>
		<link>http://www.inquisitr.com/29793/cpu-poisoning-affect-intel-systems/</link>
		<comments>http://www.inquisitr.com/29793/cpu-poisoning-affect-intel-systems/#comments</comments>
		<pubDate>Mon, 20 Jul 2009 17:38:38 +0000</pubDate>
		<dc:creator>Steven Hodson</dc:creator>
				<category><![CDATA[Technology]]></category>
		<category><![CDATA[CPU]]></category>
		<category><![CDATA[exploit]]></category>
		<category><![CDATA[rootkits]]></category>
		<category><![CDATA[security]]></category>

		<guid isPermaLink="false">http://www.inquisitr.com/29793/cpu-poisoning-affect-intel-systems/</guid>
<description><![CDATA[<br />Researchers at Invisible Things Lab presented information at the CanSecWest conference on Thursday in Vancouver about a security exploit that could compromise computers running on Intel processors. The exploit involves the poisoning of the cache of a CPU operating in System Management Mode (SMM). They also noted that this was the third such type [...]<p><a href="http://www.inquisitr.com/29793/cpu-poisoning-affect-intel-systems/">CPU poisoning affects Intel systems</a> is a post from: <a href="http://www.inquisitr.com">The Inquisitr</a></p>
<br /><br /><br />]]></description>
			<content:encoded><![CDATA[<p><center><img title="poison" border="0" alt="poison" src="http://www.inquisitr.com/wp-content/poison.jpg" width="379" height="284" /> </center>
<p>Researchers at Invisible Things Lab presented information at the CanSecWest conference on Thursday in Vancouver about a security exploit that could compromise computers running on Intel processors. The exploit involves the poisoning of the cache of a CPU operating in System Management Mode (SMM). They also noted that this was the third such type of security exploit that the team had found affecting Intel-based computers in the last ten months.</p>
<p>The SMM exploit works by poisoning the chip’s cache memory, which would allow forced access to SMM, one of the most privileged CPU modes on x86 architectures. Even operating systems can’t access SMM – the mode that handles certain errors, power management and other features.</p>
<blockquote><p>The potential consequence of attacks on SMM might include SMM rootkits, hypervisor compromises, or OS kernel protection bypassing, they said.</p>
<p>Intel has been working on a solution to prevent caching attacks on SMM memory, and a spokesperson has said that many new systems are protected against the exploit. But, writing in their paper, Rutkowska and Wojtczuk said: “Some of Intel&#8217;s recent motherboards, like the popular DQ35, are still vulnerable to the attack. Additionally, the workarounds that Intel has mentioned to us are not yet officially documented.”</p>
<p>Source: SC Magazine &#8211; <a href="http://www.scmagazineus.com/Intel-CPU-exploit-threatens-PCs-worldwide/article/129194/">Intel CPU exploit threatens PCs worldwide</a></p>
</blockquote>
<p>Time to bloated Norton solution in 3 …. 2 …. 1…..</p>
<p><a href="http://www.inquisitr.com/29793/cpu-poisoning-affect-intel-systems/">CPU poisoning affects Intel systems</a> is a post from: <a href="http://www.inquisitr.com">The Inquisitr</a></p>
]]></content:encoded>
			<wfw:commentRss>http://www.inquisitr.com/29793/cpu-poisoning-affect-intel-systems/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
	
		<media:thumbnail url="http://www.inquisitr.com/wp-content/poison.jpg" />
		<media:content url="http://www.inquisitr.com/wp-content/poison.jpg" medium="image">
			<media:title type="html">poison</media:title>
		</media:content>
	</item>
	</channel>
</rss>

