EC-Council Partner Netacademia Reveals a New Rootkit for 32-bit Windows at Hacker Halted USA 2010
 
Jan. 3, 2011 - PRLog -- December 15th, 2010 – Albuquerque, NM – After so many years of silence on the rootkit front, a brand new, fully functional yet undetectable Windows 2008/Windows 7 rootkit was launched at Hacker Halted 2010 in Miami. The rootkit, which also implements a so-called “theoretical” attack, has been developed by a security professional from Hungary, Csaba Barta, who is an EC-Council Certified Instructor at Netacademia. According to EC-Council, current plans are to send the code to major virus scanner vendors, and then the rootkit will be made available to the information security community as part of the next version of the Certified Ethical Hacker V7 training.

After so many years of deep-pocket investment and thorough development in the security field by many hardware and software vendors, many assume that there is no more room for a perpetrator to implement code that can not only hide itself in the computer but also fool the operating system so badly that a regular forensic investigation is unable to reveal it, at least not without tedious effort.

Csaba Barta, a Certified EC-Council Instructor of NetAcademia in Budapest, Hungary, and forensic investigator at Deloitte Hungary, spent two and a half years investigating the most modern operating systems and implementing a rootkit that is able to switch logged-on users’ identity, credentials and password with ease.

“My goal was to create a proof-of-concept Rootkit for training purposes only, that’s why you did not hear about it until now. It turned out later that I was able to implement attack types nobody else had done before,” said Csaba, who is very proud of his Cached Data Attack module, which is capable of clearing and setting passwords in memory without the operating system being aware of it. He adds: “This rootkit is a good example of how techniques used in widely spread forensic software could be used by malicious software in order to avoid detection. It has to be mentioned that the concept was first documented by Brendan Dolan-Gavitt in 2008.”

Some of the rootkit's capabilities in a nutshell: besides all the routine tasks that every rootkit performs (such as hiding files and processes), Csaba’s rootkit is also capable of stealing access tokens from arbitrary processes, making a security context change to SYSTEM and back a breeze. His proprietary implementation of the Cached Data Attack reveals the inherent vulnerability of password handling in Windows. It is not only capable of setting any user’s password to any value, but it does so leaving no tracks behind.

According to Sean Lim, Vice President of EC-Council: “This is a two-sided story. On one side, we are very proud of Csaba’s results, but on the other hand it is sad evidence of the fact that there are hidden attacks that surface all the time. We plan to incorporate the Rootkit in the CEHv7 Training Material to make our students aware of the risks. We continue to draw attention to possible security threats to information technology systems and to provide solutions to these threats to ensure that such systems remain safe.”

Contact Press
EC-Council
Email:  iclass@eccouncil.org
Tel:  505.341.3228

# # #

iClass is EC-Council's online training delivery platform. Students can attend live or recorded training sessions for courses such as Certified Ethical Hacker (CEH), Certified Security Analyst (ECSA) or Computer Hacking Forensic Investigator (CHFI).