
Indian security researchers have released a proof-of-concept security exploit for Microsoft's Windows 7 operating system. The exploit is named VBootkit. The researchers had earlier promised that they would not make the exploit code public for fear of misuse.

VBootkit 2.0 was coded by researchers Nitin Kumar and Vipin Kumar, and the code is now available as open source for anyone who is interested in seeing how it works.

The researchers released the proof-of-concept exploit code at the HITB (Hack in the Box) security conference held in April in Dubai, where they explained how an attacker could gain complete control over a Windows 7 computer, with the ability to restore and remove users' passwords and strip DRM (digital rights management) protections from audio/video files, all without a trace.

In an email about the release of the exploit code, entitled "VBootkit 2.0", Vipin said they wanted to guide other researchers in developing defenses against malicious hackers exploiting the security hole.

Microsoft does not consider the VBootkit exploit code a serious threat. In Microsoft's view, VBootkit is technically not an exploit of a Windows security vulnerability, but an exploitation of a design quirk in the operating system, which assumes that the boot process is trusted. VBootkit works by modifying files as they are loaded into the main memory of a Windows computer, and Windows 7 is unable to stop it on its own.

This exploit can be blocked by using BitLocker Drive Encryption (BDE), but this will not be available on many Windows 7 computers.

Researcher Nitin Kumar said that VBootkit exists only as a proof of concept, illustrating that this attack can possibly work. He also said that an attacker can possibly modify the code to work remotely, as has been shown with other similar bootkit attacks.

Download Vbootkit 2.0 source code

Vbootkit 2.0 Attacking Windows 7 (x64) via Boot Sectors presentation