Vbootkit Bypasses Vista Code Signing

As expected Vista isn't perfect. It's possible to load unsigned code into the kernel. Vbootkit proves it.

The authors of Vbootkit, Nitin and Vipin Kumar, recently gave presentations at Blackhat Europe and HITBSecConf2007 in Dubai.

Vbootkit takes advantage of what the two call "custom boot sectors" to get itself loaded at boot time, before the kernel's code-signing checks apply. Since Vbootkit loads into the kernel, it can do nearly anything on the system, according to the developers. The proof of concept code raises a command shell running in the context of the System account, starts the Telnet server, and more.

The code isn't circulating in the wild, but the two developers did provide binary code to some anti-virus vendors.

What this points out is that you can expect to see some nasty malware that uses this attack point.
