Cyber Security Institute

Friday, March 27, 2009

New Rootkit Attack Hard To Kill

Researchers have come up with a way to create an even stealthier rootkit that survives reboots and evades antivirus software.  Anibal Sacco and Alfredo Ortega, both exploit writers for Core Security Technologies, were able to inject a rootkit into commercial BIOS firmware using their own Python-based tool that installed the rootkit via an update, or flash, process.

This more “persistent” rootkit is more dangerous than a regular rootkit because it could use the BIOS-located network stack to attack other machines, as well as “using normal exploits, without any access to the disk or memory in the operating system,” the researchers said.

What’s the best defense against such an attack?  The researchers say it’s tough to prevent any attack from an advanced rootkit like this.

The best options, they say, are to prevent the flashing of the BIOS by enabling “write” protection on the motherboard, or to deploy digitally signed BIOSes, for instance.

http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml;jsessionid=EHDXVE1URKONSQSNDLPCKH0CJUNN2JVN?articleID=216401170&subSection=Vulnerabilities+and+threats

Posted on 03/27
Trends