VBootKit 2.0 can take full control over a computer running Windows 7

  1. #1
    Kubiatsu's Avatar Contributor

    VBootKit 2.0 can take full control over a computer running Windows 7

    Security researchers demonstrated how to take control of a computer running Microsoft's upcoming Windows 7 operating system at the Hack In The Box Security Conference (HITB) in Dubai on Thursday.

    Researchers Vipin Kumar and Nitin Kumar used proof-of-concept code they developed, called VBootkit 2.0, to take control of a Windows 7 virtual machine while it was booting up. They demonstrated how the software works at the conference.




    "There's no fix for this. It cannot be fixed. It's a design problem," Vipin Kumar said, explaining the software exploits the Windows 7 assumption that the boot process is safe from attack.

    While VBootkit 2.0 shows how an attacker can take control of a Windows 7 computer, it's not necessarily a serious threat. For the attack to work, an attacker must have physical access to the victim's computer. The attack cannot be done remotely.

    VBootkit 2.0, which is just 3KB in size, allows an attacker to take control of the computer by making changes to Windows 7 files that are loaded into the system memory during the boot process. Since no files are changed on the hard disk, VBootkit 2.0 is very difficult to detect, he said.

    However, when the victim's computer is rebooted, VBootkit 2.0 will lose its hold over the computer as data contained in system memory will be lost.

    VBootkit 2.0 is a follow-up to earlier work that Kumar and Kumar have done on vulnerabilities contained in the Windows boot process. In 2007, Kumar and Kumar demonstrated an earlier version of VBootkit for Windows Vista at the Black Hat Europe conference.

    The latest version of VBootkit includes the ability to remotely control the victim's computer. In addition, the software allows an attacker to increase their user privileges to system level, the highest possible level. The software can also remove a user's password, giving an attacker access to all of their files. Afterwards, VBootkit 2.0 restores the original password, ensuring that the attack will go undetected.

  2. #2
    blackfang500's Avatar Member
    Very... Interesting... Kinda scary...

  3. #3
    Kubiatsu's Avatar Contributor
    Here is the website of the creators:

    Code:
    http://www.nvlabs.in/archives/0-Hack-in-the-Box-Dubai-2009.html


    And you can download a PowerPoint presentation of them explaining how it all works.

    Code:
    http://www.nvlabs.in/uploads/projects/vbootkit/nitin_vipin_vista_vbootkit.ppt
