EC-Council Partner, Netacademia reveals a New Rootkit for Windows 32 bit version at Hacker Halted USA 2010
By: EC-Council

After so many years of deep-pocket investment and thorough development in the security field by many hardware and software vendors, many assume that there is no room left for a perpetrator to implement code that not only hides itself in the computer but fools the operating system so badly that regular forensic investigations are unable to reveal it, at least not without tedious effort.

Csaba Barta, a Certified EC-Council Instructor of NetAcademia in Budapest, Hungary, and forensic investigator of Deloitte Hungary, spent two and a half years investigating the most modern operating systems and implementing a Rootkit that can switch logged-on users’ identity, credentials and password with ease.

“My goal was to create a proof-of-concept Rootkit for training purposes only, that’s why you did not hear about it until now. It turned out later that I was able to implement attack types nobody else had done before,” said Csaba, who is very proud of his Cached Data Attack module, which is capable of clearing and setting passwords in memory without the awareness of the operating system. He adds: “This rootkit is a good example of how techniques used in widely spread forensic software could be used by malicious software in order to avoid detection. It has to be mentioned that the concept was first documented by Brendan Dolan-Gavitt in 2008.”

Some of the rootkit's capabilities in a nutshell: besides all the routine tasks that every Rootkit does (like hiding files, processes etc.), Csaba’s Rootkit is also capable of stealing access tokens from arbitrary processes, making a security context change to SYSTEM and back a breeze. His proprietary implementation of the Cached Data Attack reveals the inherent vulnerability of password handling in Windows. It is not only capable of setting any user’s password to any value, but it does so leaving no tracks behind.

According to Sean Lim, Vice President of EC-Council: "This is a two-sided story. On one side, we are very proud of Csaba’s results, but on the other hand it is sad evidence of the fact that there are hidden attacks that surface all the time. We plan to incorporate the Rootkit in the CEHv7 Training Material to make our students aware of the risks. We continue to draw attention to possible security threats to information technology systems and to provide solutions to these threats to ensure that such systems remain safe.”

Contact
Press
EC-Council
Email: iclass@
Tel: 505.341.3228

# # #

iClass is EC-Council's online training delivery platform. Students can attend live or recorded training sessions for courses such as Certified Ethical Hacker (CEH), Certified Security Analyst (ECSA) or Computer Hacking Forensic Investigator (CHFI).