ITWire

Home opinion-and-analysis The Linux Distillery The dark side of open source software is Stoned

Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

The dark side of open source software is Stoned

Get all your tech news delivered to your mail box five days a week
iTWire UPDATE - it's FREE!


When rootkits are mentioned the things which come to mind are generally hackers, Trojans, even Sony BMG. Now you can add open source software to the list with the release of the first open source rootkit framework called Stoned.
A rootkit is a piece of software which, for nefarious purposes, aims to run undetected on your computer. It will hide itself from process listings and will seek to interfere with the ordinary running of your system to fulfil its own purposes.

A bootkit is a particular type of rootkit which kicks in when the computer boots and before any operating system has loaded. This can make it even more dangerous because it has full access to the system and cannot be removed by merely inspecting the operating system’s list of start-up services.

Austrian hacker Peter Kleissner has released the world’s first ever open source bootkit framework called Stoned Bootkit, named in dubious honour of an early boot sector computer virus called “Stoned.”

Stoned Bootkit aims to attack all versions of Microsoft Windows from XP through to the brand new Windows 7, including Server releases. Stoned loads before Windows starts and remains in memory, and comes with its own file system drivers, a plug-in engine and a collection of Windows “pwning” tools.

Stoned Bootkit also claims to be the first bootkit that breaks TrueCrypt encryption as well as working with traditional FAT and NTFS disk volumes.

This means with Stoned you can install any software you choose – a Trojan horse, say – onto any computer running Windows. You do not need know any passwords and it does not matter if the file system is encrypted.

Stoned was unveiled at the Blackhat USA security conference and Kleissner’s PowerPoint presentation is available online.

In a slide entitled “Who am I?” Kleissner describes himself as an independent operating system developer, a professional software engineer and malware analyst.

The source code for the Stoned Bootkit, as well as general research and technical detail, is available on its own web site. Here you can inspect how it works as well as read instructions on making your own Stoned infector Live CD – making it tragically simple to infect computers provided you can get physical access.

For those needing more help, SecurityTube has posted a video online showing a computer being infected with Stoned and then disinfected again.

Kleissner suggests this is a useful application for law enforcement officials but I suspect there may be somewhat less scrupulous individuals who will find other uses for it.

As with such open source luminaries like WireShark, a plug-in architecture permits developers world-wide to extend the range of functions Stoned can perform. The similarities end there, with WireShark being an intrusion detection system, not an intrusion enabler.

ITWIRE SERIES - BUSINESS INTELLIGENCE WEBINAR

Looking to successfully deploy Business Intelligence & Analytics?

Discover the “real-world state of the BI market” – the knowledge you need to ensure Business Intelligence (BI) and analytics success.

Join Yellowfin for a free Webinar!

We dissect the results of 2013’s Wisdom of Crowds Business Intelligence Market Study – the BI industry’s most in-depth research report into major implementation, usage and technology trends and developments.

REGISTER NOW!

ITWIRE SERIES - BUSINESS COLLABORATION SUMMIT

Collaboration, Contact Centre and the Cloud - this is one you cannot afford to miss!

Considering the Cloud? Next generation Contact Centre? Do you understand your Customer Conversations? Are you really Collaborating?

The event will be showcasing traditional Unified Communications, Contact Centre and Workforce Optimisation themes, with an emphasis on the Australian market and cloud-based applications.

VENUE DOLTONE HOUSE HYDE PARK - SYDNEY 24th JULY

REGISTER NOW

ITWIRE SERIES - CIO SUMMIT GOLD COAST

For CIOs & Senior IT Management Summit on the Gold Coast!

This event has been personally vetted by the iTWire CEO who has attended four of these conferences in the past and is an event you cannot afford to miss!

We can guarantee that this conference is of great value. Network with fellow CIOs and IT Mgrs and hear Glenn Archer CIO, Australian Government Information Management Office (AGIMO), Matt Barrie, Award-winning Entrepreneur to provide insights on Navigating Your Entrepreneurial Initiatives in a Hyper-connected New World, Stephen Tame, CIO & Head of Group Information Technology, Jetstar, Tim Thurman, CIO, Australian Securities Exchange (ASX).

LIMITED PLACES REGISTER NOW

David M Williams

joomla site stats

David has been computing since 1984 where he instantly gravitated to the family Commodore 64. He completed a Bachelor of Computer Science degree from 1990 to 1992, commencing full-time employment as a systems analyst at the end of that year. Within two years, he returned to his alma mater, the University of Newcastle, as a UNIX systems manager. This was a crucial time for UNIX at the University with the advent of the World-Wide-Web and the decline of VMS. David moved on to a brief stint in consulting, before returning to the University as IT Manager in 1998. In 2001, he joined an international software company as Asia-Pacific troubleshooter, specialising in AIX, HP/UX, Solaris and database systems. Settling down in Newcastle, David then found niche roles delivering hard-core tech to the recruitment industry and presently is the Chief Information Officer for a national resources company where he particularly specialises in mergers and acquisitions and enterprise applications.

More in this category: « Ubuntu tweaking for everyone Linux saves the day ... again »
back to top


Services

Company

Community

Connect

http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=tf&c=19&mc=imp&pli=5460041&PluID=0&ord=[2000]&rtu=-1