Hackers Find a New Place to Hide Rootkits

Filed Under Technology | Posted By Jennifer Sullivan |


Security researchers have developed a new type of malicious rootkit software that hides in an obscure part of a computer’s microprocessor, where current antivirus products cannot see it.

It is called the SMM rootkit; SMM stands for System Management Mode. The rootkit software runs in a protected part of a computer’s memory that can be locked and rendered invisible to the operating system, but which can give attackers a picture of what’s happening in a computer’s memory.

The SMM rootkit comes with keylogging and communications software and could be used to steal sensitive information from a victim’s computer. It was built by Shawn Embleton and Sherri Sparks, who run an Oviedo, Florida, security company called Clear Hat Consulting.

The rootkits used by cyber crooks today are sneaky programs designed to cover up their tracks while they run in order to avoid detection. Rootkits hit the mainstream in late 2005 when Sony BMG Music used rootkit techniques to hide its copy protection software.

In recent years, however, researchers have been looking at ways to run rootkits outside of the operating system, where they are much harder to detect.

“Rootkits are going more and more toward the hardware,” said Sparks, who wrote another rootkit three years ago called Shadow Walker. “The deeper into the system you go, the more power you have and the harder it is to detect you.”

The SMM rootkit, running in a locked part of memory, would be more difficult to detect than Blue Pill, said John Heasman, director of research with NGS Software, a security consulting firm. “An SMM rootkit has major ramifications for things like [antivirus software products],” he said. “They will be blind to it.”

Researchers have suspected for several years that malicious software could be written to run in SMM.

“I don’t see it as a widespread threat, because it’s very hardware-dependent,” Sparks said. “You would see this in a targeted attack.”

“Brand new rootkits don’t come along every day,” Heasman said. “It will be one of the most interesting, if not the most interesting, at Black Hat this year.”




