News19,135 Articles
News spotlights:
Business | CES | Digital audio | Gadgets | Games | Green computing | Home entertainment | Internet & broadband | Laptops | Linux | Macs | PC Peripherals & components | PC security | PCs & laptops | Mobile phones | Digital photography & video | Software | Wi-Fi & networking
News by company:
AMD | Apple | BT | Dell | Google | HP | Intel | Microsoft | Nvidia | Sony
News by product:
Windows XP | Windows Vista | Windows 7 | Apple iPhone | BlackBerry | Apple iPad
April 24, 2009
Windows 7 hack opens OS to attackers
Researchers show how to take control of new OS
Security researchers demonstrated how to take control of a computer running Microsoft's upcoming Windows 7 operating system at the Hack In The Box Security Conference (HITB) in Dubai on Thursday.
Researchers Vipin Kumar and Nitin Kumar used proof-of-concept code they developed, called VBootkit 2.0, to take control of a Windows 7 virtual machine while it was booting up. They demonstrated how the software works at the conference.
"There's no fix for this. It cannot be fixed. It's a design problem," Vipin Kumar said, explaining the software exploits the Windows 7 assumption that the boot process is safe from attack.
While VBootkit 2.0 shows how an attacker can take control of a Windows 7 computer, it's not necessarily a serious threat. For the attack to work, an attacker must have physical access to the victim's computer. The attack can not be done remotely.
VBootkit 2.0, which is just 3KB in size, allows an attacker to take control of the computer by making changes to Windows 7 files that are loaded into the system memory during the boot process. Since no files are changed on the hard disk, VBootkit 2.0 is very difficult to detect, he said.
However, when the victim's computer is rebooted, VBootkit 2.0 will lose its hold over the computer as data contained in system memory will be lost.
VBootkit 2.0 is a follow-up to earlier work that Kumar and Kumar have done on vulnerabilities contained in the Windows boot process. In 2007, Kumar and Kumar demonstrated an earlier version of VBootkit for Windows Vista at the Black Hat Europe conference.
The latest version of VBootkit includes the ability to remotely control the victim's computer. In addition, the software allows an attacker to increase their user privileges to system level, the highest possible level. The software can also able remove a user's password, giving an attacker access to all of their files. Afterwards, VBootkit 2.0 restores the original password, ensuring that the attack will go undetected.
See also:
Free whitepaper: Phishing for victims - Truth, myth and cybercrime
<<newer story | back to index | older story>>
Submit to:
Reddit
Subscribe to PC Advisor now and claim your FREE gift
Question of the day!
Does your smartphone replace your need for a laptop when on the move?
% of PC Advisor readers agree with you
What tasks can your smartphone do that would have traditionally been done on a laptop?
Follow the conversation at @SmartphoneFocus
web browsing, search facilities, voip, email, word processing everything RT @Graham_D_C
Mainly email but getting better at spreadsheets etc, RT @IDGdan
Recent reviews
- Malwarebytes' Anti-Malware Free review
- Kodak ESP 5250 review
- Fujitsu LifeBook T4410 review
- Kodak ESP 3250 review
- Lenovo ThinkCentre A70z review
- Microsoft SideWinder X4 review
- Sony BDP-S360 review
- Acer Liquid review
- LaCie Sound2 review
- ASUS U50Vg review
Latest reader comments
- Bizzo. How can you HATE them if you don't use them? Surely it makes no difference that they're...
- I hate Facebook and Social networking sites. I mean, whats the actual point ? everyone who i...
- I sure do not need 1,000 characters to say that FB pisses me off. No consultation, no "would you...
- Hi Dave, Yes! apple are only doing EXACTLY THE SAME as Microsoft have done for years & years....
- yeah i agree with one of the other users on here...where's the WIN7 or Linux....would be sweeet...
Top news
- ComScore: 2009 social networking stats
- Bing boings but Google grows
- Microsoft, Google join MediaTek to boost emerging market sales
- Samsung & LG to show social networking phones
- Google adds Nexus One phone support
Latest blog entries
- Smartphone blogs: best apps, best phones, best freeware
- Smartphone focus: Twitter - will Apple, Google dislodge BlackBerry?
- Google plots instant translator for smartphone
- Free and friendly Windows security software? What's the catch?
- Google Books: time for a rethink?
Sponsored Content
-
Take the internet to new places with the Nokia N800
Communicate how you want to, where you want to with instant messaging, email and internet calling. View movies, browse the internet wirelessly and watch TV on the high-resolution screen and listen through high-quality stereo speakers with headphone jack.
Buy now
Latest technology news:
Sponsored links
-
New - BlackBerry Advisor
Get hands-on with our exclusive Virtual BlackBerry handset and check out the latest reviews of BlackBerry smartphones and software. -
Crucial Memory Upgrades
Go to Crucial.com and use either our Memory Advisor Tool or System Scanner to find a 100% compatible memory upgrade for your system, from the Best Memory Manufacturer of 2008! We offer free delivery, free technical support, and lifetime warranty. -
Award-winning Spyware Doctor with AntiVirus 2010
delivers powerful antivirus and antispyware protection using layered technologies to defend your PC. Download now for a free scan! Discover how our award-winning ThreatFire™ Behavioural Intelligence blocks new threats faster than traditional signature methods. -
PC Advisor Smartphone Focus
Latest news and resources on how smartphones are facilitating mobile and flexible working in the enterprise. Find out more and join the discussion here. -
Custom built PCs
Visit our website to see our full range of custom-built PCs. Customise any specification and have the order dispatched the next working day. A massive range of PCs - from £250 to £1,000-plus - and a full list of low-cost components are available. -
Free whitepaper
Legal risks of uncontrolled email and web use. -
Free whitepaper
Is social networking really bad for business? -
Free whitepaper
Phishing for victims: Truth, myth and cybercrime. -
Free whitepaper
Threat predictions, messaging security issues and trends for 2010. -
Free whitepaper
Email archiving: Top 10 myths and challenges. -
Free whitepaper
Managing email: Exploring common email management challenges (and how to overcome them).
About PC Advisor | Privacy policy | Media information | Site map | Contact | About IDG
All contents ©IDG 2010 | webmaster@pcadvisor.co.uk
Comments received
Nokia said on Friday, 24 April 2009
LOL
Super Mod said on Friday, 24 April 2009
Windows Sucks!