Friday, November 18, 2011

Windows 8 Specific Malware Arrives

Windows 8 isn’t even out yet and malware is already showing up specifically to target Microsoft’s newest operating system.

Austria-based security analyst Peter Kleissner has designed an exploit that loads from a hard drive’s master boot record and stays resident in memory all the way through the startup of the operating system, providing root access to the PC.

The exploit, which allegedly was designed only for research and educational purposes, can even defeat new security features in Windows 8’s boot loader.


Although Microsoft’s push towards UEFI has drawn negative attention, it seems that Microsoft might be on the right track in pushing this technology forward, since Kleissner’s malware hack only works against legacy BIOS technology and not UEFI.

Kleissner had previously developed the Stoned bootkit as a proof-of-concept exploit that could target Windows XP, Vista, 7, and even Server 2003. Stoned is fully available as source code from Kleissner’s site and can install itself in the Windows kernel, giving access to an entire system, even systems with encrypted devices.

The newest update, which includes Windows 8 bootkit hacking, has yet to be officially offered on his site or elsewhere. According to Kleissner, its infector file is only 14kb in size, and he is considering adding an option that allows Windows to accept any password as valid for an account.

Windows 8’s boot loader added a number of new security features designed to prevent malware and security breaches, including requiring valid digital signatures. Microsoft claimed this would stop most malware in its tracks because it would block unsigned software from loading into memory before startup.

Every time a company comes up with a new anti-hacker or anti-malware solution all that happens is that the hackers and malware creators step up their game and find a way to work around it, as proven by Kleissner.

According to Peter, he plans to show off and release the malware code at the International Malware Conference in Mumbai, India, scheduled for Nov. 25 and 26. For those who aren’t familiar with MalCon, it is a special conference designed to show off advances in malware technology for education, research, and future prevention.

Although Peter claims that he will be attending the conference, MalCon has confirmed that his attendance is actually still tentative due to the fact that he has yet to be granted a visa.

If he can’t make it in person perhaps he can still present the code via video and release the code onto the net, but it’s unclear if he will actually be able to make the journey to Mumbai.

The problem with receiving a visa is that Kleissner has a court date on December 15th on charges related to the Stoned Bootkit. After he presented Stoned at the Black Hat Conference in 2008, a prosecutor moved forward on a case against the programmer with claims that it violated Austria’s anti-hacking laws.

It makes it hard to rest at ease knowing that on the 25th and 26th of November there will be tons of free malware code passed around to eager hackers, both good and evil.


I understand the purpose of the conference and even the spirit behind it, but handing out code online and in easy-to-access places just seems to be inviting trouble.

Windows 8 has many security improvements from 7, that much we do know. What we don’t know is whether any of these improvements will really make any difference in the long run.
