Author Topic: Win 8 Zero-Day Exploit  (Read 4342 times)

Tinman57

Win 8 Zero-Day Exploit
« on: November 03, 2012, 06:48 PM »
VUPEN Researchers Say They Have Zero-Day Windows 8 Exploit

Controversial bug hunters and exploit sellers VUPEN claimed to have cracked the low-level security enhancements featured in Windows 8, Microsoft's latest operating system.

http://threatpost.co...ows-8-exploit-110112

Stoic Joker

Re: Win 8 Zero-Day Exploit
« Reply #1 on: November 04, 2012, 07:37 AM »
Boot-level attacks are on the rise according to security experts. Attackers have found great success with rootkits that infect a Windows machine’s BIOS or Master Boot Record, giving them persistent and often undetected access to a machine. Boot-level attacks can also lead to further malware infections where an attacker can harvest credentials and use an infected computer as a pivot point for attacks on other machines in a network.
-The Article

I've been seeing many of the MBR variety in the field lately, but hadn't realized the BIOS exploits were off the drawing board and in the wild. Any ideas how one would even go about trying to detect/remove one of those??

40hz

Re: Win 8 Zero-Day Exploit
« Reply #2 on: November 04, 2012, 08:28 AM »
Sometimes I can't help wondering if some of this activity is being financed by parties interested in building the case for closed software ecosystems and single-source app stores.  :o


TaoPhoenix

Re: Win 8 Zero-Day Exploit
« Reply #3 on: November 04, 2012, 09:01 AM »
Boot-level attacks are on the rise according to security experts. Attackers have found great success with rootkits that infect a Windows machine’s BIOS or Master Boot Record, giving them persistent and often undetected access to a machine. Boot-level attacks can also lead to further malware infections where an attacker can harvest credentials and use an infected computer as a pivot point for attacks on other machines in a network.
-The Article

I've been seeing many of the MBR variety in the field lately, but hadn't realized the BIOS exploits were off the drawing board and in the wild. Any ideas how one would even go about trying to detect/remove one of those??

I think Mark Russinovich led the way on these when he busted Sony's Rootkit attempt back in the day. I think he has a couple of utilities (now owned by MS) that compare boot records with raw data dumps to look for boot level problems.
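
The boot-record comparison idea discussed above, as an added example that is not part of any poster's message and is not the code of the utilities mentioned: it parses one raw 512-byte MBR sector and compares its boot code hash and partition table against a saved known-good baseline. The function names (`parse_mbr`, `compare_to_baseline`, `make_sample_sector`) and all sample bytes are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440   # bootstrap code area of a classic (non-GPT) MBR
PART_TABLE_OFF = 446  # four 16-byte partition entries, then 0x55AA

def parse_mbr(sector: bytes) -> dict:
    """Split one raw MBR sector into the fields worth baselining."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4]:  # partition type 0 marks an unused slot
            partitions.append({"active": entry[0] == 0x80, "type": entry[4],
                               "lba_start": lba_start, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "disk_signature": struct.unpack_from("<I", sector, 440)[0],
            "partitions": partitions}

def compare_to_baseline(sector: bytes, baseline: dict) -> list:
    """Return findings; an empty list means the sector matches the baseline."""
    current = parse_mbr(sector)
    findings = []
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code changed")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table changed")
    return findings

def make_sample_sector(boot_code: bytes) -> bytes:
    """Constructed test data: filler boot code plus one active type-0x07 partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, 440, 0x1234ABCD)
    struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF, 0x80, 0x07, 2048, 204800)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

if __name__ == "__main__":
    baseline = parse_mbr(make_sample_sector(b"\x90" * 64))
    changed = make_sample_sector(b"\xcc" * 64)
    print(compare_to_baseline(changed, baseline))
```

For real use, feed it the first 512 bytes of a disk image taken while booted from separate clean media, since a boot-level rootkit running on the installed OS can hand back an unmodified-looking sector to anything that reads the disk through it.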

TaoPhoenix

Re: Win 8 Zero-Day Exploit
« Reply #4 on: November 04, 2012, 09:06 AM »
Sometimes I can't help wondering if some of this activity is being financed by parties interested in building the case for closed software ecosystems and single-source app stores.  :o

Well I wouldn't put it past Apple to poke holes in MS software, that's a cinch to see. But for MS to do it to themselves gets all into Tin Foil Hat territory that I don't wanna get dragged into : (

SeraphimLabs

Re: Win 8 Zero-Day Exploit
« Reply #5 on: November 04, 2012, 09:44 AM »
I've noticed a sharp rise in MBR and boot sector rootkits, and now as part of a standard OS reload procedure use a Linux LiveCD to run DD and zero the first 4GB of a drive before reinstalling the OS.

But I will be surprised if they find a way to reliably infect the BIOS. BIOS code varies widely from system to system as it is the hardware specific level providing glue between chipset and OS. For such a thing to be possible, it would have to target similarities in a particular vendor, such as Phoenix.


40hz

Re: Win 8 Zero-Day Exploit
« Reply #6 on: November 04, 2012, 09:51 AM »
Sometimes I can't help wondering if some of this activity is being financed by parties interested in building the case for closed software ecosystems and single-source app stores.  :o

Well I wouldn't put it past Apple to poke holes in MS software, that's a cinch to see. But for MS to do it to themselves gets all into Tin Foil Hat territory that I don't wanna get dragged into : (

Agree. But I doubt any of the companies would be stupid enough to do something like that.

But they're not the only stakeholders that would stand to benefit. Anybody holding significant stock positions would also do so. And these people are much more likely to resort to dirty tricks. Especially with the growing amount of hack talent coming out of certain state sponsored university programs and "computer clubs."

Not all these black hats want to work for their governments. Many have found lucrative freelance work.

Global village. Global economy. Global market.  8)

f0dder

Re: Win 8 Zero-Day Exploit
« Reply #7 on: November 05, 2012, 11:59 AM »
Is there any example of BIOS infection in the wild? I would be a bit surprised to see this in generic malware, the complexity is relatively high and there's just so many different configurations out there - seems more like the kind of thing that would be used for more targeted attacks.

MBR and UEFI infections are a quite different story (while still nasty and somewhat complex to do).
- carpe noctem

40hz

Re: Win 8 Zero-Day Exploit
« Reply #8 on: November 05, 2012, 12:23 PM »
+1 w/f0dder. I'd be curious to see if one ever does surface that could affect a broad base of machines - although the likelihood does increase as the PC market becomes more and more the preserve of a small handful of companies. Which is one more argument for encouraging diversity in the OS and hardware market. The fewer varietals there are, the more effectively and reliably they can be targeted. Something that's been talked about for many years.

Can't speak for UEFI issues this early in the game. But like Stoic Joker, I've also seen MBR infections in the field these last few months. So I guess the genie is out of the bottle with that category of malware.