Rootkits on a PCI Card?
Posted by Mobo (Cape Breton), 11-17-2006, 06:33 PM, in Security Alerts and vulnerabilities

A well-respected British security researcher has found a way to use a [link] to plant an offensive rootkit on Windows machines. John Heasman, principal security consultant at NGSS (Next-Generation Security Software) released a research paper on the Daily Dave mailing list discussing a means of persisting a rootkit on a PCI device containing a flashable expansion ROM...
The paper is available here (PDF): [link].

Abstract:
"In February 2006, presented a means of persisting a rootkit in the system BIOS via the Advanced Configuration and Power Interface (ACPI). It was demonstrated that the ACPI tables within the BIOS could be modified to contain malicious ACPI Machine Language (AML) instructions that interacted with system memory and the I/O space, allowing the rootkit bootstrap code to overwrite kernel code and data structures as a means of deployment.

Whilst using ACPI as a means of persisting a rootkit in the system BIOS has numerous advantages for the rootkit writer over "traditional" means of persistence (that include storing the rootkit on disk and loading it as a device driver), there are several technologies that are designed to mitigate this threat. Both Intel SecureFlash and Phoenix TrustedCore motherboards prevent the system BIOS from being overwritten with unsigned updates.
This paper discusses means of persisting a rootkit on a PCI device containing a flashable expansion ROM. Previous work in the Trusted Computing field has noted the feasibility of expansion ROM attacks (which is in part the problem that this field has set out to solve); however, the practicalities of implementing such attacks have not been discussed in detail. Furthermore, there is little knowledge of how to detect and prevent such attacks on systems that do not contain a Trusted Platform Module (TPM). Whilst the discussion mainly focuses on the Microsoft Windows platform, it should be noted that the techniques are equally likely to apply to other operating systems."

Heasman gave a related presentation of this research at the Black Hat Federal conference earlier this year. [link] covered that presentation in detail.
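The abstract's last point is that little is known about detecting an altered expansion ROM on a machine without a TPM. The defender-side check that is actually available on such a machine is a baseline comparison: read the ROM image the card presents, decode its header, and compare it against a known-good copy taken when the card was trusted. The script below is an added example written for this thread; it is not code from the post, from NGSS or from Heasman's paper. The ROM bytes, the vendor/device IDs 0x1234/0x5678 and the baseline table are all constructed for the demo, and the header offsets follow the PCI Firmware Specification's expansion ROM header (55AA signature, PCIR pointer at 0x18) and "PCIR" data structure.

```python
"""Audit a PCI expansion ROM image against a known-good baseline.

Added example for the thread above, not part of the post or of the paper it
quotes.  All ROM bytes and IDs below are constructed demo data.
"""
import hashlib
import struct

ROM_SIGNATURE = b"\x55\xAA"      # expansion ROM header signature
PCIR_SIGNATURE = b"PCIR"         # PCI data structure signature
CODE_TYPES = {0x00: "x86 legacy", 0x01: "Open Firmware", 0x02: "HP PA-RISC", 0x03: "EFI"}


def parse_rom_images(rom):
    """Split a (possibly multi-image) expansion ROM and decode each PCIR header."""
    images, offset = [], 0
    while offset + 0x1A <= len(rom):
        if rom[offset:offset + 2] != ROM_SIGNATURE:
            raise ValueError(f"no 55AA signature at offset {offset:#x}")
        pcir = offset + struct.unpack_from("<H", rom, offset + 0x18)[0]
        if rom[pcir:pcir + 4] != PCIR_SIGNATURE:
            raise ValueError(f"no PCIR structure at offset {pcir:#x}")
        vendor, device = struct.unpack_from("<HH", rom, pcir + 4)
        # 0x10: image length (512-byte units), 0x12: code revision,
        # 0x14: code type, 0x15: indicator (bit 7 = last image in the ROM)
        units, code_rev, code_type, indicator = struct.unpack_from("<HHBB", rom, pcir + 0x10)
        length = units * 512
        image = rom[offset:offset + length]
        images.append({
            "offset": offset,
            "vendor": vendor,
            "device": device,
            "code_type": CODE_TYPES.get(code_type, f"unknown({code_type:#x})"),
            "code_rev": code_rev,
            "length": length,
            # only x86 legacy images define the "all bytes sum to zero" checksum
            "checksum_ok": code_type != 0 or sum(image) % 256 == 0,
            "sha256": hashlib.sha256(image).hexdigest(),
        })
        if indicator & 0x80 or length == 0:
            break
        offset += length
    return images


def audit_rom(rom, baseline):
    """Return findings for every image that fails its checksum or differs from the baseline."""
    findings = []
    for img in parse_rom_images(rom):
        key = (img["vendor"], img["device"])
        where = f"image at {img['offset']:#x} ({key[0]:04x}:{key[1]:04x})"
        if not img["checksum_ok"]:
            findings.append(f"{where}: x86 image checksum does not sum to zero")
        expected = baseline.get(key)
        if expected is None:
            findings.append(f"{where}: vendor/device not in baseline")
        elif img["sha256"] != expected:
            findings.append(f"{where}: SHA-256 differs from baseline")
    return findings


def build_sample_rom(code=b"\x90" * 16, vendor=0x1234, device=0x5678, fix_checksum=True):
    """Construct a minimal one-image x86 ROM (demo data, not a real vendor image)."""
    img = bytearray(512)
    img[0:2] = ROM_SIGNATURE
    img[2] = 1                                   # image size in 512-byte units
    struct.pack_into("<H", img, 0x18, 0x40)      # pointer to the PCIR structure
    pcir = bytearray(0x18)
    pcir[0:4] = PCIR_SIGNATURE
    struct.pack_into("<HH", pcir, 4, vendor, device)
    struct.pack_into("<H", pcir, 0x0A, 0x18)     # PCIR structure length
    struct.pack_into("<HHBB", pcir, 0x10, 1, 0x0001, 0x00, 0x80)  # 1 unit, rev 1, x86, last
    img[0x40:0x40 + 0x18] = pcir
    img[0x60:0x60 + len(code)] = code            # stands in for the init routine body
    if fix_checksum:
        img[-1] = (-sum(img[:-1])) & 0xFF        # make the bytes sum to zero mod 256
    return bytes(img)


# Baseline captured while the card was trusted (constructed here from the demo ROM).
BASELINE = {(0x1234, 0x5678): hashlib.sha256(build_sample_rom()).hexdigest()}

if __name__ == "__main__":
    clean = build_sample_rom()
    # constructed: same card, but the init code has been changed and the checksum repaired
    modified = build_sample_rom(code=b"\xEB\xFE" + b"\x90" * 14)
    print("clean:", audit_rom(clean, BASELINE) or "no findings")
    print("modified:", audit_rom(modified, BASELINE))
```

On Linux the image a card presents can be read from `/sys/bus/pci/devices/<bdf>/rom` (write `1` to that file first to enable it) and fed to `audit_rom`. The checksum alone proves nothing, since anyone rewriting the image can repair it, which is why the hash comparison is the real test. The caveat the abstract points at remains: the comparison runs on software the rootkit may already control, and a compromised device can hand back a clean copy, so this is a tripwire, not the attestation a TPM-measured boot provides.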