saajid
05-10-2008, 10:51 PM
Security Experts find a new place to hide Rootkits
This rootkit hides itself in a very "difficult to find" part of the computer's microprocessor that is hidden from current antivirus products and is invisible to the operating system.
Security experts have developed a new malicious rootkit that has been feared for years. This rootkit hides itself in a very "difficult to find" part of the computer's microprocessor that is hidden from current antivirus products and is invisible to the operating system.
It is being called a System Management Mode (SMM) rootkit, running in a protected part of a computer's memory, giving potential hackers a window into a computer's memory. Built with keylogging and communications software, the potential attacker is able to steal very sensitive information.
Rootkits, amazingly enough, were first introduced in 2005 by Sony BMG, when it used this technique to hide its copy protection software, which led to the largest CD recall in history as people discovered what they had done.
Since this time, researchers have been looking to run rootkits outside of the operating system, making them virtually impossible to detect. The trend is taking the rootkit to the hardware.
And that is exactly what the creators Shawn Embleton and Sherri Sparks, who run a security company called Clear Hat Consulting based out of Florida, have done. The proof-of-concept software will be demonstrated publicly for the first time at the Black Hat security conference in Las Vegas this August. Sparks' response on his creation is: "I don't see it as a widespread threat, because it's very hardware-dependent; you would see this in a targeted attack."
Whether Sparks is right in saying this will not be a widespread threat is still to be determined; there are plenty of attackers that will be excited to get their hands on this. Brand new rootkits do not come around every day.