Back to the articleIs this Windows Only? #
Posted Thursday 26th April 2007 10:38 GMT
Could this technique be used on other systems such as Linux, Mac or even Symbian?
As the article mentions you can prevent it by using TPM - thought it's pretty impressive stuff!
0wning Vista from the boot
Re: Windows only #
Posted Friday 27th April 2007 00:39 GMT
The technique, as the article mentions, has been about for a while used in such things as the old boot sector viruses.
It relies on some way of being able to run privileged code when a system boots. It then hooks the normal boot process and patches bits that follow so they don't notice it or wipe it out and optionally modify the behaviour of the bits that follow aka the "payload".
The exact patching would depend on the OS and its components being booted. So the technique would be usable under Linux but the patching would be different depending on the kernel version.
If applications scan for the presence of unexpected code things end up as a game of cat and mouse. It might, for example have to patch the OS executable loader, recognize the scanner binary and patch it after loading so it thinks everything is OK.
Sign up, sign up for The Register's weekly IT security newsletter - click here
Top stories
Popular Whitepapers
- Analyst Keynote: The Register Agile Data Center Summit
On-Demand: Audio with slides - Analyst Keynote: The Register Agile Data Center Summit
On-Demand: Audio Only - Dell PowerEdge M710 with Dell EqualLogic storage vs. HP ProLiant BL685c with HP StorageWorks EVA 4400
Virtualizaed Exchange workload performance comparison of end-to-end solutions - New storage architectures make SSDs more cost-effective
High-performance, cost-efficient storage infrastructures - Hosted CRM Can Be Your Secret Weapon to Success!
Hosted CRM comparison guide - Market Primer: ERP Systems
Still stuck in the clouds when in comes to ERP?
