“There’s no fix for this. It cannot be fixed. It’s a design problem,” Vipin Kumar said, explaining that the software exploits the Windows 7 assumption that the boot process is safe from attack.
Scary? Not really, because the attacker must have physical access to your PC before he (or she) can carry out the attack. But if VBootkit 2.0 is already on your PC, the attacker can control it remotely.
This is how the hack works: during boot, VBootkit 2.0 loads itself into system memory and bypasses the hard drive altogether. Because nothing is changed on the hard disk itself, VBootkit 2.0 is extremely difficult to detect.
Once the software is loaded into memory, an ill-intentioned attacker can access all data, change passwords, and install software to remotely control the PC. However, when the victim’s computer is rebooted, VBootkit 2.0 loses its hold over the computer, because the data contained in system memory is lost.
Labels: Vulnerability, Windows 7