feinicks
One day... we Fly...
Posts: 6,124.6050 Threads: 531
Joined: 27th Mar 2008
Reputation: 2.35695
E-Pigs : 210817.3958
Hackers Find a New Place to Hide Rootkits
not sure where this goes!
hackers!!! Security researchers have developed a new type of malicious rootkit software that hides itself in an obscure part of a computer's microprocessor, hidden from current antivirus products.
Called a System Management Mode (SMM) rootkit, the software runs in a protected part of a computer's memory that can be locked and rendered invisible to the operating system, but which can give attackers a picture of what's happening in a computer's memory.
The SMM rootkit comes with keylogging and communications software and could be used to 'borrow' sensitive information from a victim's computer. It was built by Shawn Embleton and Sherri Sparks, who run an Oviedo, Florida, security company called Clear Hat Consulting.
The proof-of-concept software will be demonstrated publicly for the first time at the Black Hat security conference in Las Vegas this August.
The rootkits used by cyber crooks today are sneaky programs designed to cover up their tracks while they run in order to avoid detection. Rootkits hit the mainstream in late 2005 when Sony BMG Music used rootkit techniques to hide its copy protection software. The music company was ultimately forced to recall millions of CDs amid the ensuing scandal.
In recent years, however, researchers have been looking at ways to run rootkits outside of the operating system, where they are much harder to detect. For example, two years ago researcher Joanna Rutkowska introduced a rootkit called Blue Pill, which used AMD's chip-level virtualization technology to hide itself. She said the technology could eventually be used to create "100 percent undetectable malware."
"Rootkits are going more and more toward the hardware," said Sparks, who wrote another rootkit three years ago called Shadow Walker. "The deeper into the system you go, the more power you have and the harder it is to detect you."
Blue Pill took advantage of new virtualization technologies that are now being added to microprocessors, but the SMM rootkit uses a feature that has been around for much longer and can be found in many more machines. SMM dates back to Intel's 386 processors, where it was added as a way to help hardware vendors fix bugs in their products using software. The technology is also used to help manage the computer's power management, taking it into sleep mode, for example.
In many ways, an SMM rootkit, running in a locked part of memory, would be more difficult to detect than Blue Pill, said John Heasman, director of research with NGS Software, a security consulting firm. "An SMM rootkit has major ramifications for things like [antivirus software products]," he said. "They will be blind to it."
Researchers have suspected for several years that malicious software could be written to run in SMM. In 2006, researcher Loic Duflot demonstrated how SMM malware would work. "Duflot wrote a small SMM handler that compromised the security model of the OS," Embleton said. "Wee took the idea further by writing a more complex SMM handler that incorporated rootkit-like techniques."
In addition to a debugger, Sparks and Embleton had to write driver code in hard-to-use assembly language to make their rootkit work. "Debugging it was the hardest thing," Sparks said.
Being divorced from the operating system makes the SMM rootkit stealthy, but it also means that hackers have to write this driver code expressly for the system they are attacking.
"I don't see it as a widespread threat, because it's very hardware-dependent," Sparks said. "You would see this in a targeted attack."
But will it be 100 percent undetectable? Sparks says no. "I'm not saying it's undetectable, but I do think it would be difficult to detect." She and Embleton will talk more about detection techniques during their Black Hat session, she said.
Brand new rootkits don't come along every day, Heasman said. "It will be one of the most interesting, if not the most interesting, at Black Hat this year," he said.
10/05/2008 11:27 AM
Slushba132
BustyLoli-Chan
Posts: 3,125.3993 Threads: 508
Joined: 20th Feb 2008
Reputation: -8.27558
E-Pigs : 73.1299
RE: Hackers Find a New Place to Hide Rootkits
...Why the hell are people building these things!?!
10/05/2008 03:45 PM
Tetris999
..............................
Posts: 2,390.4622 Threads: 298
Joined: 15th Apr 2007
Reputation: -6.7936
E-Pigs : 82.5657
RE: Hackers Find a New Place to Hide Rootkits
...........................
seriously im just pissed, people just make spoon like this to infest other peoples computers
i don't know what their intentions are, but ill be damn pissed when i find this poo poo makes it to my comp
this is what wee call bull-spoon hacking, the stuff that attacks the general public rather than helping them (like unlocking iphones and such)
MY SIG IS FUCKING DEAD
10/05/2008 05:54 PM
NIGathan
Mr.NigathanNigorrilla
Posts: 243.3251 Threads: 14
Joined: 4th Feb 2008
Reputation: -2.97985
E-Pigs : 1.1256
RE: Hackers Find a New Place to Hide Rootkits
Tetris999, don't forget if it wasn't for trojans and viruses the 2.00 FW downgrader would have never existed.
Also, most of the people who create these don't have any intentions to harm your computer. Viruses and trojans arent necessarily harmful until they fall into the wrong hands.
Wed, 10:38:37 - hibbyware
that sucks
Wed, 10:38:37 - YoYoBallz
that sucks
10/05/2008 07:15 PM
Tetris999
..............................
Posts: 2,390.4622 Threads: 298
Joined: 15th Apr 2007
Reputation: -6.7936
E-Pigs : 82.5657
RE: Hackers Find a New Place to Hide Rootkits
NIGathan Wrote: Tetris999, don't forget if it wasn't for trojans and viruses the 2.00 FW downgrader would have never existed.
Also, most of the people who create these don't have any intentions to harm your computer. Viruses and trojans arent necessarily harmful until they fall into the wrong hands.
i guess so and that's what i was pointing to, but now im a worried that something like this can be used to make some massive trouble on peoples computers and compromise their privacy without them knowing
i guess its kind of like a new piece of technology, some people use it for war and some people use it for the general public i just frown at the negative ways such technologies are used; and that's probably why i get so pissed when they are made
MY SIG IS FUCKING DEAD
10/05/2008 09:38 PM
feinicks
One day... we Fly...
Posts: 6,124.6050 Threads: 531
Joined: 27th Mar 2008
Reputation: 2.35695
E-Pigs : 210817.3958
RE: Hackers Find a New Place to Hide Rootkits
not really as this rootkit is very hardware dependent... so if you keep unwanted people away from your pc, you'll be fine!
10/05/2008 09:47 PM
bootpsp
Paradigmatic Entity
Posts: 244.2640 Threads: 9
Joined: 6th Feb 2007
Reputation: 2.42214
E-Pigs : 2.2127
RE: Hackers Find a New Place to Hide Rootkits
interesting... There will always be something new out there...
11/05/2008 03:16 AM
u_c_taker
hacks=drama
Posts: 3,185.2011 Threads: 102
Joined: 29th Jan 2007
Reputation: -1.03084
E-Pigs : 36.7855
RE: Hackers Find a New Place to Hide Rootkits
technology evolves someday the hackers might be able to make it hardware independent
but then there is the other side which always are fighting the hackers
right now they don't pose a major threat
11/05/2008 03:22 AM
ZiNgA BuRgA
Smart Alternative
Posts: 17,022.2988 Threads: 1,174
Joined: 19th Jan 2007
Reputation: -1.71391
E-Pigs : 446.1274
RE: Hackers Find a New Place to Hide Rootkits
I'm presuming it could be possible for the OS to block out these sorts of things, provided there's no exploits in the OS.
Dunno though.
There have been rootkits which load the actual OS for a long time, however, those are hard to install...
11/05/2008 05:25 AM