Hackers Find a New Place to Hide Rootkits
feinicks
not sure where this goes!
hackers!!!
Security researchers have developed a new type of malicious rootkit software that hides itself in an obscure part of a computer's microprocessor, hidden from current antivirus products.
Called a System Management Mode (SMM) rootkit, the software runs in a protected part of a computer's memory that can be locked and rendered invisible to the operating system, but which can give attackers a picture of what's happening in a computer's memory.
The SMM rootkit comes with keylogging and communications software and could be used to 'borrow' sensitive information from a victim's computer. It was built by Shawn Embleton and Sherri Sparks, who run an Oviedo, Florida, security company called Clear Hat Consulting.
The proof-of-concept software will be demonstrated publicly for the first time at the Black Hat security conference in Las Vegas this August.
The rootkits used by cyber crooks today are sneaky programs designed to cover up their tracks while they run in order to avoid detection. Rootkits hit the mainstream in late 2005 when Sony BMG Music used rootkit techniques to hide its copy protection software. The music company was ultimately forced to recall millions of CDs amid the ensuing scandal.
In recent years, however, researchers have been looking at ways to run rootkits outside of the operating system, where they are much harder to detect. For example, two years ago researcher Joanna Rutkowska introduced a rootkit called Blue Pill, which used AMD's chip-level virtualization technology to hide itself. She said the technology could eventually be used to create "100 percent undetectable malware."
"Rootkits are going more and more toward the hardware," said Sparks, who wrote another rootkit three years ago called Shadow Walker. "The deeper into the system you go, the more power you have and the harder it is to detect you."
Blue Pill took advantage of new virtualization technologies that are now being added to microprocessors, but the SMM rootkit uses a feature that has been around for much longer and can be found in many more machines. SMM dates back to Intel's 386 processors, where it was added as a way to help hardware vendors fix bugs in their products using software. The technology is also used to help manage the computer's power management, taking it into sleep mode, for example.
In many ways, an SMM rootkit, running in a locked part of memory, would be more difficult to detect than Blue Pill, said John Heasman, director of research with NGS Software, a security consulting firm. "An SMM rootkit has major ramifications for things like [antivirus software products]," he said. "They will be blind to it."
Researchers have suspected for several years that malicious software could be written to run in SMM. In 2006, researcher Loic Duflot demonstrated how SMM malware would work. "Duflot wrote a small SMM handler that compromised the security model of the OS," Embleton said. "We took the idea further by writing a more complex SMM handler that incorporated rootkit-like techniques."
In addition to a debugger, Sparks and Embleton had to write driver code in hard-to-use assembly language to make their rootkit work. "Debugging it was the hardest thing," Sparks said.
Being divorced from the operating system makes the SMM rootkit stealthy, but it also means that hackers have to write this driver code expressly for the system they are attacking.
"I don't see it as a widespread threat, because it's very hardware-dependent," Sparks said. "You would see this in a targeted attack."
But will it be 100 percent undetectable? Sparks says no. "I'm not saying it's undetectable, but I do think it would be difficult to detect." She and Embleton will talk more about detection techniques during their Black Hat session, she said.
Brand new rootkits don't come along every day, Heasman said. "It will be one of the most interesting, if not the most interesting, at Black Hat this year," he said.
10/05/2008 11:27 AM