Author Topic: Win 8 Zero-Day Exploit (Read 4836 times)

Tinman57 · « **on:** November 03, 2012, 06:48 PM »

VUPEN Researchers Say They Have Zero-Day Windows 8 Exploit

Controversial bug hunters and exploit sellers VUPEN claimed to have cracked the low-level security enhancements featured in Windows 8, Microsoft's latest operating system.

http://threatpost.co...ows-8-exploit-110112

Stoic Joker · « **Reply #1 on:** November 04, 2012, 07:37 AM »

Boot-level attacks are on the rise according to security experts. Attackers have found great success with rootkits that infect a Windows machine’s BIOS or Master Boot Record, giving them persistent and often undetected access to a machine. Boot-level attacks can also lead to further malware infections where an attacker can harvest credentials and use an infected computer as a pivot point for attacks on other machines in a network.
-The Article

I've been seeing many of the MBR variety in the field lately, but hadn't realized the BIOS exploits were off the drawing board and in the wild. Any ideas how one would even go about trying to detect/remove one of those??

40hz · « **Reply #2 on:** November 04, 2012, 08:28 AM »

Sometimes I can't help wondering if some of this activity is being financed by parties interested in building the case for closed software ecosystems and single-source app stores.

TaoPhoenix · « **Reply #3 on:** November 04, 2012, 09:01 AM »

Boot-level attacks are on the rise according to security experts. Attackers have found great success with rootkits that infect a Windows machine’s BIOS or Master Boot Record, giving them persistent and often undetected access to a machine. Boot-level attacks can also lead to further malware infections where an attacker can harvest credentials and use an infected computer as a pivot point for attacks on other machines in a network.
-The Article

I've been seeing many of the MBR variety in the field lately, but hadn't realized the BIOS exploits were off the drawing board and in the wild. Any ideas how one would even go about trying to detect/remove one of those??
-Stoic Joker (November 04, 2012, 07:37 AM)

I think Mark Russinovich led the way on these when he busted Sony's Rootkit attempt back in the day. I think he has a couple of utilities (now owned by MS) that compares boot records with raw data dumps to look for boot level problems.

TaoPhoenix · « **Reply #4 on:** November 04, 2012, 09:06 AM »

Sometimes I can't help wondering if some of this activity is being financed by parties interested in building the case for closed software ecosystems and single-source app stores.
-40hz (November 04, 2012, 08:28 AM)

Well I wouldn't put it past Apple to poke holes in MS software, that's a cinch to see. But for MS to do it to themselves gets all into Tin Foil Hat territory that I don't wanna get dragged into : (

SeraphimLabs · « **Reply #5 on:** November 04, 2012, 09:44 AM »

I've noticed a sharp rise in MBR and boot sector rootkits, and now as part of a standard OS reload procedure use a Linux LiveCD to run DD and zero the first 4GB of a drive before reinstalling the OS.

But I will be surprised if they find a way to reliably infect the BIOS. BIOS code varies widely from system to system as it is the hardware specific level providing glue between chipset and OS. For such a thing to be possible, it would have to target similarities in a particular vendor, such as Phoenix.

40hz · « **Reply #6 on:** November 04, 2012, 09:51 AM »

Sometimes I can't help wondering if some of this activity is being financed by parties interested in building the case for closed software ecosystems and single-source app stores.
-40hz (November 04, 2012, 08:28 AM)

Well I wouldn't put it past Apple to poke holes in MS software, that's a cinch to see. But for MS to do it to themselves gets all into Tin Foil Hat territory that I don't wanna get dragged into : (
-TaoPhoenix (November 04, 2012, 09:06 AM)

Agree. But I doubt any of the companies would be stupid enough to do something like that.

But they're not the only stakeholders that would stand to benefit. Anybody holding significant stock positions would also do so. And these people are much more likely to resort to dirty tricks. Especially with the growing amount of hack talent coming out of certain state sponsored university programs and "computer clubs."

Not all these black hats want to work for their governments. Many have found lucrative freelance work.

Global village. Global economy. Global market.

f0dder · « **Reply #7 on:** November 05, 2012, 11:59 AM »

Is there any example of BIOS infection in the wild? I would be a bit surprised to see this in generic malware, the complexity is relatively high and there's just so many different configurations out there - seems more like the kind of thing that would be used for more targeted attacks.

MBR and UEFI infections are a quite different story (while still nasty and somewhat complex to do).

40hz · « **Reply #8 on:** November 05, 2012, 12:23 PM »

+1 w/f0dder. I'd be curious to see if one ever does surface that could affect a broad base of machines - although the likelihood does increase as the PC market becomes more and more the preserve of a small handful of companies. Which is one more argument for encouraging diversity in the OS and hardware market. The fewer varietals there are, the more effectively and reliably they can be targeted. Something that's been talked about for many years.

Can't speak for UEFI issues this early in the game. But like Stoic Joker, I've also seen MBR infections in the field these last few months. So I guess the genie is out of the bottle with that category of malware.

Author Topic: Win 8 Zero-Day Exploit (Read 4836 times)

Tinman57

Win 8 Zero-Day Exploit

Stoic Joker

Re: Win 8 Zero-Day Exploit

40hz

Re: Win 8 Zero-Day Exploit

TaoPhoenix

Re: Win 8 Zero-Day Exploit

TaoPhoenix

Re: Win 8 Zero-Day Exploit

SeraphimLabs

Re: Win 8 Zero-Day Exploit

40hz

Re: Win 8 Zero-Day Exploit

f0dder

Re: Win 8 Zero-Day Exploit

40hz

Re: Win 8 Zero-Day Exploit