02 September, 2009

Your PC is now Stoned! ..again

Yes, there exists a bootkit, for Windows, called "Stoned Bootkit" XD

It is an open-source homage to the "Stoned boot sector virus" from the DOS days of the 90s. After successfully infecting the MBR of a DOS system, that virus left code in the MBR that would announce (with a 1 in 8 probability) the words:
"Your PC is now Stoned."

To elaborate a little: a bootkit is similar to a rootkit, only it doesn't infect sub-systems of an OS. Instead, it resides in the MBR (Master Boot Record) of a Windows system disk. This enables it to bypass drive encryption, because Microsoft's drive encryption does not cover the MBR of a drive. Also, since it is an MBR virus, it can bootstrap itself into the Windows kernel (the core of the operating system), making it even harder to locate and/or remove completely.

In other words, it is an awesome piece of code, able to 'pwn' your machine completely.

It is of interest to a number of parties, specifically:
  • Black hats
  • Law enforcement agencies
  • Microsoft Corporation
Both for malicious use and for clever, playful use (white hat hacking).

And what's even better, it's the first bootkit that:
  • attacks Windows XP, Windows Vista, Windows 7 and Windows Server 2003/2008 with one single Master Boot Record.
  • attacks TrueCrypt full volume encryption.
  • has integrated FAT and NTFS drivers.
  • has an integrated structure for plugins and boot applications (for future development).

A perfect example of the "doing it, because we can" mentality.
LOL! & LuLz!


