Despite pledge, researchers release VBootkit 2.0 code

Microsoft says Windows 7 doesn't have a security vulnerability that VBootkit 2.0 can exploit

Indian security researchers have released proof-of-concept code that can be used to take over a computer running Microsoft's upcoming Windows 7 operating system, despite earlier promising not to make the code public for fear it could be misused.

VBootkit 2.0 was developed by researchers Vipin Kumar and Nitin Kumar and is now available for download under an open-source license.

They unveiled the proof-of-concept code at the Hack In The Box (HITB) security conference in Dubai last month, where they showed how it could be used to give an attacker complete control over a Windows 7 computer, including the ability to remove and restore user passwords without a trace and strip DRM (digital rights management) protections from media files.

"We don't have any plans to make it open source, due to chances of misuse," Nitin Kumar wrote in an April 27 e-mail.

In an e-mail announcing the release of the VBootkit 2.0, Vipin Kumar did not offer a reason for their apparent change of heart.

But in a follow-up message, he said they wanted to help spur other researchers to develop new defenses against these types of attacks.

"All we are trying to do is help more people understand the real enemy, malware, so new innovations can occur," Vipin Kumar wrote.

Microsoft doesn't consider VBootkit 2.0 a serious threat. "Any claims made at the event relating to Windows 7 having a security vulnerability are not true," the software maker said in an e-mail statement.

Microsoft's assertion is technically true. VBootkit 2.0 does not exploit a security vulnerability.

Instead, it exploits a design flaw in the operating system, which assumes that the boot process can be trusted and is safe from attack. VBootkit 2.0 works by modifying files as they are loaded into the main memory of a computer, a type of attack that Windows 7 is not designed to stop on its own.

This type of attack can be blocked by using BitLocker Drive Encryption (BDE) and a Trusted Platform Module, but these features will not be available on many Windows 7 computers.

Microsoft also cited the nature of the VBootkit 2.0 demonstration as further evidence that it doesn't present a threat.

"With the scenario we have seen reported there is no question of Windows 7 being broken into or comprised remotely - by an attacker using a malicious exploit over the Internet for example," Microsoft said.

However, VBootkit 2.0 is only a proof of concept, meant to illustrate that an attack can work.

The code can be modified by an attacker and used for a remote attack, as has been done with other bootkit attacks, Nitin Kumar said.

Tags VBootkitmalware

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Sumner Lemon

IDG News Service

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?