Menu
Despite pledge, researchers release VBootkit 2.0 code

Despite pledge, researchers release VBootkit 2.0 code

Microsoft says Windows 7 doesn't have a security vulnerability that VBootkit 2.0 can exploit

Indian security researchers have released proof-of-concept code that can be used to take over a computer running Microsoft's upcoming Windows 7 operating system, despite earlier promising not to make the code public for fear it could be misused.

VBootkit 2.0 was developed by researchers Vipin Kumar and Nitin Kumar and is now available for download under an open-source license.

They unveiled the proof-of-concept code at the Hack In The Box (HITB) security conference in Dubai last month, where they showed how it could be used to give an attacker complete control over a Windows 7 computer, including the ability to remove and restore user passwords without a trace and strip DRM (digital rights management) protections from media files.

"We don't have any plans to make it open source, due to chances of misuse," Nitin Kumar wrote in an April 27 e-mail.

In an e-mail announcing the release of the VBootkit 2.0, Vipin Kumar did not offer a reason for their apparent change of heart.

But in a follow-up message, he said they wanted to help spur other researchers to develop new defenses against these types of attacks.

"All we are trying to do is help more people understand the real enemy, malware, so new innovations can occur," Vipin Kumar wrote.

Microsoft doesn't consider VBootkit 2.0 a serious threat. "Any claims made at the event relating to Windows 7 having a security vulnerability are not true," the software maker said in an e-mail statement.

Microsoft's assertion is technically true. VBootkit 2.0 does not exploit a security vulnerability.

Instead, it exploits a design flaw in the operating system, which assumes that the boot process can be trusted and is safe from attack. VBootkit 2.0 works by modifying files as they are loaded into the main memory of a computer, a type of attack that Windows 7 is not designed to stop on its own.

This type of attack can be blocked by using BitLocker Drive Encryption (BDE) and a Trusted Platform Module, but these features will not be available on many Windows 7 computers.

Microsoft also cited the nature of the VBootkit 2.0 demonstration as further evidence that it doesn't present a threat.

"With the scenario we have seen reported there is no question of Windows 7 being broken into or comprised remotely - by an attacker using a malicious exploit over the Internet for example," Microsoft said.

However, VBootkit 2.0 is only a proof of concept, meant to illustrate that an attack can work.

The code can be modified by an attacker and used for a remote attack, as has been done with other bootkit attacks, Nitin Kumar said.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malwareVBootkit

Brand Post

What to expect from your IT Distributor

Whether you’re just starting out or you’ve been around since before the dot com rollercoaster, choosing the right distribution partner can be a pivotal factor in your success. This definitive guide outlines the traits that every IT partner needs to look for in their IT Distributor.

Featured

Slideshows

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

This exclusive Reseller News Exchange event in Auckland explored the challenges facing the partner community on the cloud security frontier, as well as market trends, customer priorities and how the channel can capitalise on the opportunities available. In association with Arrow, Bitdefender, Exclusive Networks, Fortinet and Palo Alto Networks. Photos by Gino Demeer.

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security
Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomed 2019 inductees - Leanne Buer, Ross Jenkins and Terry Dunn - to the fourth running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing face of the IT channel ecosystem in New Zealand and what it means to be a Reseller News Hall of Fame inductee. Photos by Gino Demeer.

Reseller News welcomes industry figures at 2020 Hall of Fame lunch
Show Comments