Posts Tagged Rootkit

Vulnerability in Apple Mac Keyboards

All keyboards include a processor and a memory chip, and the Apple keyboard is no exception: it contains 8 KB of flash memory and 256 bytes of RAM. K. Chen, a researcher at the Georgia Institute of Technology, presented at the Black Hat conference how easy it is to install malicious code directly into the Apple keyboard.

Cracking the Apple keyboard RAM is not difficult with the help of HIDFirmwareUpdaterTool, a tool that provides an update to the keyboard firmware remotely. The way to implement a keylogger in the firmware is by reverse engineering the HID: run the program, set a breakpoint, and then copy the new malicious code (rootkit, etc.) into the firmware image. In a few seconds the keyboard is compromised. At this point it is obviously impossible to detect the keylogger while it is embedded in the keyboard, so still no keyboard AV :-), and even formatting the PC will not help.

The case that K. Chen demonstrated was a simple keylogger that is able to reproduce the last five typed characters; storage inside the keyboard is limited to just 1 KB. The interesting point is that an infected website can remotely embed the rootkit in the keyboard.

After this presentation, Apple announced that a utility for locking the firmware should be available soon. The problem should be solved at both the hardware level and the firmware level.


Panda introduces cloud antivirus

Cloud computing is becoming a top concern and attracted a lot of interest at the RSA 2009 conference. Since the biggest issue in the cloud is security, many security software companies are working these days to adapt their security solutions to cloud computing.

The Panda Security team announced today their free cloud antivirus solution. They have added what they call Collective Intelligence to detect viruses, malware and rootkits, along with heuristics. According to Panda, this technique classifies new malware in under six minutes and handles more than 50,000 new samples per day.

The Cloud Antivirus works by classifying threats into executables, which must be scanned immediately, and non-executables, which are checked at a lower priority, usually when the machine is idle. This helps in handling a large amount of data.

You can try the Panda Cloud Antivirus and use it for free.


BIOS rootkit infection

Researchers at Core Security Technologies demonstrated how to create a new rootkit that is impossible to remove even after formatting the hard disk. The malicious code is injected into the low-level system of the target machine (the BIOS firmware).

They implemented this malicious code on two computers, one running FreeBSD and the other running Windows. Even after reinstalling the operating systems and replacing the hard disk, the malicious code remains in the machines.

The presentation is available here.
