A bootkit is a type of boot virus that is able to hook and patch the Windows kernel, thereby getting unrestricted access to the entire computer and compromising it. The "Stoned" bootkit, an MBR rootkit, was presented by Austrian software developer Peter Kleissner at the Black Hat Technical Security Conference USA 2009 and has been taken quite seriously in circles at Redmond. It is even able to bypass full volume encryption, because the master boot record (MBR), where Stoned is stored, is not encrypted, and the master boot record contains the decryption software which encrypts and decrypts the hard drive using a password. This is a potential weak point, as the MBR, if compromised, can be used to pwn your whole system. Forget your antiviruses. No one's secure!
Who is interested in the Stoned Bootkit?
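Because the MBR sits unencrypted in the first sector of the disk, a defender can baseline it and detect changes. The following is an added example, not code from the original post or from the Stoned project: it parses a 512-byte MBR image and compares the SHA-256 of its boot code with a known-good value. The function names and the sample image are constructed for illustration, and the image is assumed to have been read from trusted boot media rather than from the running, possibly compromised, system.

```python
import hashlib
import struct

SECTOR_LEN = 512
CODE_LEN = 440          # bytes 0..439: bootstrap code, the part a bootkit replaces
TABLE_OFF = 446         # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"  # bytes 510..511
ENTRY = struct.Struct("<B3xB3xII")  # status, CHS, type, CHS, LBA start, sector count

def parse_mbr(sector):
    """Return the boot-code hash and the non-empty partition entries."""
    if len(sector) != SECTOR_LEN:
        raise ValueError("an MBR is exactly 512 bytes")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, ptype, lba, count = ENTRY.unpack_from(sector, TABLE_OFF + i * ENTRY.size)
        if ptype != 0:
            parts.append({"active": status == 0x80, "type": ptype,
                          "lba_start": lba, "sectors": count})
    return {"boot_code_sha256": hashlib.sha256(sector[:CODE_LEN]).hexdigest(),
            "partitions": parts}

def check_mbr(sector, baseline_sha256):
    """Compare against a known-good hash; an empty list means no findings."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    if sum(p["active"] for p in info["partitions"]) > 1:
        findings.append("more than one active partition")
    return findings

def build_sample(boot_code):
    """Constructed 512-byte MBR image for the demo, not a real disk."""
    entry = ENTRY.pack(0x80, 0x07, 2048, 204800)  # one active NTFS-type entry
    return boot_code.ljust(TABLE_OFF, b"\x00") + entry + bytes(48) + BOOT_SIG

if __name__ == "__main__":
    clean = build_sample(b"\xfa\x33\xc0" + b"\x90" * 100)
    baseline = parse_mbr(clean)["boot_code_sha256"]
    patched = bytearray(clean)
    patched[10] ^= 0xFF  # simulate a modified boot-code byte
    print(check_mbr(clean, baseline))
    print(check_mbr(bytes(patched), baseline))
```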
- Black Hats
- Law enforcement agencies
Why is Stoned something new? Because it is the first boot-root-kit that:
- Attacks Windows XP, Server 2003, Windows Vista, Windows 7 with one single MBR
- Attacks TrueCrypt full volume encryption (forget about data security :P)
- Has integrated FAT and NTFS drivers
- Provides support and an integrated structure for plugins and boot time applications (for future development, ethical or unethical)
As Robert Hensing says about bootkits:
“A bootkit is a rootkit that is able to load from a master boot record and persist in memory all the way through the transition to protected mode and the startup of the OS. It’s a very interesting type of rootkit.”
You can download Stoned Bootkit here: