It is not the Blue Pill, nor SubVirt; it is a new rootkit coded by Indian fellows. They presented VBootKit, which works on Vista (see the SecurityFocus column...).
Unfortunately, the only source code available is for the BootKit they designed for Windows 2000, XP and 2003, not for VBootKit (the Vista one).
The idea behind a boot kit is that it does not need the operating system to work: it simply launches before the OS (the NT subsystems specifically) and then launches the OS, so the OS runs as if inside a virtual machine. The Boot Kit is still a PoC, as the developers say on their site.
Regarding the current BootKit payload features:
The sample presented currently keeps escalating cmd.exe to SYSTEM privileges every 30 secs.
You can obtain these BootKits from this link: http://www.nvlabs.in/?q=node/14
Labels: Security