A European researcher has created a rootkit that can evade detection on Windows 7 and Windows Server 2008 machines and reset user passwords. The rootkit began as a project meant for training purposes. But its designer, a security expert for Deloitte in Hungary who works on penetration testing and forensic cases, says he eventually discovered he could perform new types of attacks with it. He plans to deliver the rootkit to antivirus firms as well as to the International Council of E-Commerce Consultants (EC-Council) for its certified hacker training program. He demonstrated the rootkit for the first time at the recent Hacker Halted conferences in Miami, Florida, and Cairo, Egypt. One particularly powerful module of the rootkit is based on the concept of a cached data attack, which concerns how the operating system caches data in physical memory. It lets an attacker clear and reset passwords in memory without being detected by the operating system.
Source: http://www.darkreading.com/authentication/167901072/security/vulnerabilities/229000%20060/new-stealth-rootkit-steals-windows-7-server-2008-user-privileges-on-the-fly.html