DV Hardware bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
December 7, 2016 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 120 people online.

 

Latest Reviews
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
ZOWIE G-TF Rough mousepad
ROCCAT Isku FX gaming keyboard
Prolimatech Magnetic Pin
 

Follow us
RSS
 

Hackers create rootkit that hides in CPUs

Posted on Monday, May 12 2008 @ 15:05:39 CEST by


Security researchers created a new type of rootkit that hides itself in a computer's processor. The new System Management Mode (SMM) rootkit runs in a protected part of a computer's memory that can be locked and rendered invisible to the operating system and current antivirus products.

The SMM rootkit has keylogging and communications software and could be used to steal sensitive information from a victim's computer. This rootkit was made by Shawn Embleton and Sherri Sparks from security firm Clear Hat Consulting. A proof-of-concept will be shown off at the Black Hat security conference in Las Vegas this August.
The rootkits used by cyber crooks today are sneaky programs designed to cover up their tracks while they run in order to avoid detection. Rootkits hit the mainstream in late 2005 when Sony BMG Music used rootkit techniques to hide its copy protection software. The music company was ultimately forced to recall millions of CDs amid the ensuing scandal.

In recent years, however, researchers have been looking at ways to run rootkits outside of the operating system, where they are much harder to detect. For example, two years ago researcher Joanna Rutkowska introduced a rootkit called Blue Pill, which used AMD's chip-level virtualization technology to hide itself. She said the technology could eventually be used to create "100 percent undetectable malware."

"Rootkits are going more and more toward the hardware," said Sparks, who wrote another rootkit three years ago called Shadow Walker. "The deeper into the system you go, the more power you have and the harder it is to detect you."

Blue Pill took advantage of new virtualization technologies that are now being added to microprocessors, but the SMM rootkit uses a feature that has been around for much longer and can be found in many more machines. SMM dates back to Intel's 386 processors, where it was added as a way to help hardware vendors fix bugs in their products using software. The technology is also used to help manage the computer's power management, taking it into sleep mode, for example.

In many ways, an SMM rootkit, running in a locked part of memory, would be more difficult to detect than Blue Pill, said John Heasman, director of research with NGS Software, a security consulting firm. "An SMM rootkit has major ramifications for things like [antivirus software products]," he said. "They will be blind to it."

Researchers have suspected for several years that malicious software could be written to run in SMM. In 2006, researcher Loic Duflot demonstrated how SMM malware would work. "Duflot wrote a small SMM handler that compromised the security model of the OS," Embleton said. "We took the idea further by writing a more complex SMM handler that incorporated rootkit-like techniques."
More info at PC World.


 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2016 DM Media Group bvba