{"id":2229,"date":"2009-03-27T00:00:00","date_gmt":"2009-03-27T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2009\/03\/27\/new-rootkit-attack-hard-to-kill\/"},"modified":"2021-12-30T11:40:54","modified_gmt":"2021-12-30T11:40:54","slug":"new-rootkit-attack-hard-to-kill","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2009\/03\/27\/new-rootkit-attack-hard-to-kill\/","title":{"rendered":"New Rootkit Attack Hard To Kill"},"content":{"rendered":"

Researchers have come up with a way to create an even stealthier rootkit that survives reboots and evades antivirus software. Anibal Sacco and Alfredo Ortega, both exploit writers for Core Security Technologies, were able to inject a rootkit into commercial BIOS firmware using their own Python-based tool that installed the rootkit via an update, or flash, process.<\/p>\n","protected":false},"excerpt":{"rendered":"

This more “persistent” rootkit is more dangerous than a regular rootkit because it could use the BIOS-located network stack to attack other machines, as well as “using normal exploits, without any access to the disk or memory in the operating system,” the researchers said.<\/p>\n

What’s the best defense against such an attack? The researchers say it’s tough to prevent any attack from an advanced rootkit like this.<\/p>\n

The best options, they say, are to prevent the flashing of the BIOS by enabling “write” protection on the motherboard, or deploying digitally signed BIOSes, for instance.<\/p>\n

http:\/\/www.darkreading.com\/security\/vulnerabilities\/showArticle.jhtml;jsessionid=EHDXVE1URKONSQSNDLPCKH0CJUNN2JVN?articleID=216401170&subSection=Vulnerabilities+and+threats<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[],"class_list":["post-2229","post","type-post","status-publish","format-standard","hentry","category-trends"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2229","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=2229"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2229\/revisions"}],"predecessor-version":[{"id":4716,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2229\/revisions\/4716"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=2229"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=2229"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=2229"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}