Home opinion-and-analysis The Linux Distillery The dark side of open source software is Stoned

Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

Subscribe now and get the news that matters to your industry.

* Your Email Address:
* First Name:
* Last Name:
Industry:
Job Function:
Australian State:
Country:
Email marketing by Interspire
weebly statistics
When rootkits are mentioned the things which come to mind are generally hackers, Trojans, even Sony BMG. Now you can add open source software to the list with the release of the first open source rootkit framework called Stoned.

A rootkit is a piece of software which, for nefarious purposes, aims to run undetected on your computer. It will hide itself from process listings and will seek to interfere with the ordinary running of your system to fulfil its own purposes.

A bootkit is a particular type of rootkit which kicks in when the computer boots and before any operating system has loaded. This can make it even more dangerous because it has full access to the system and cannot be removed by merely inspecting the operating system’s list of start-up services.

Austrian hacker Peter Kleissner has released the world’s first ever open source bootkit framework called Stoned Bootkit, named in dubious honour of an early boot sector computer virus called “Stoned.”

Stoned Bootkit aims to attack all versions of Microsoft Windows from XP through to the brand new Windows 7, including Server releases. Stoned loads before Windows starts and remains in memory, and comes with its own file system drivers, a plug-in engine and a collection of Windows “pwning” tools.

Stoned Bootkit also claims to be the first bootkit that breaks TrueCrypt encryption as well as working with traditional FAT and NTFS disk volumes.

This means with Stoned you can install any software you choose – a Trojan horse, say – onto any computer running Windows. You do not need know any passwords and it does not matter if the file system is encrypted.

Stoned was unveiled at the Blackhat USA security conference and Kleissner’s PowerPoint presentation is available online.

In a slide entitled “Who am I?” Kleissner describes himself as an independent operating system developer, a professional software engineer and malware analyst.

The source code for the Stoned Bootkit, as well as general research and technical detail, is available on its own web site. Here you can inspect how it works as well as read instructions on making your own Stoned infector Live CD – making it tragically simple to infect computers provided you can get physical access.

For those needing more help, SecurityTube has posted a video online showing a computer being infected with Stoned and then disinfected again.

Kleissner suggests this is a useful application for law enforcement officials but I suspect there may be somewhat less scrupulous individuals who will find other uses for it.

As with such open source luminaries like WireShark, a plug-in architecture permits developers world-wide to extend the range of functions Stoned can perform. The similarities end there, with WireShark being an intrusion detection system, not an intrusion enabler.

PROTECT YOURSELF AGAINST BANDWIDTH BANDITS!

Don't let traffic bottlenecks slow your network or business-critical apps to a grinding halt. With SolarWinds Bandwidth Analyzer Pack (BAP) you can gain unified network availability, performance, bandwidth, and traffic monitoring together in a single pane of glass.

With SolarWinds BAP, you'll be able to:

• Detect, diagnose, and resolve network performance issues

• Track response time, availability, and uptime of routers, switches, and other SNMP-enabled devices

• Monitor and analyze network bandwidth performance and traffic patterns.

• Identify bandwidth hogs and see which applications are using the most bandwidth

• Graphically display performance metrics in real time via dynamic interactive maps

Download FREE 30 Day Trial!

CLICK TO DOWNLOAD!

ITWIRE SERIES - IS YOUR BACKUP STRATEGY COSTING YOU CLIENTS?

Where are your clients backing up to right now?

Is your DR strategy as advanced as the rest of your service portfolio?

What areas of your business could be improved if you outsourced your backups to a trusted source?

Read the industry whitepaper and discover where to turn to for managed backup

FIND OUT MORE!

David M Williams

joomla site stats

David has been computing since 1984 where he instantly gravitated to the family Commodore 64. He completed a Bachelor of Computer Science degree from 1990 to 1992, commencing full-time employment as a systems analyst at the end of that year. Within two years, he returned to his alma mater, the University of Newcastle, as a UNIX systems manager. This was a crucial time for UNIX at the University with the advent of the World-Wide-Web and the decline of VMS. David moved on to a brief stint in consulting, before returning to the University as IT Manager in 1998. In 2001, he joined an international software company as Asia-Pacific troubleshooter, specialising in AIX, HP/UX, Solaris and database systems. Settling down in Newcastle, David then found niche roles delivering hard-core tech to the recruitment industry and presently is the Chief Information Officer for a national resources company where he particularly specialises in mergers and acquisitions and enterprise applications.

Connect