Rootkit for Windows 7 (x64)?

Discussion in 'other security issues & news' started by tgell, Apr 21, 2009.

Thread Status:
Not open for further replies.
  1. tgell

    tgell Registered Member

    Joined:
    Nov 12, 2004
    Posts:
    1,097
    Hack-in-the-Box Dubai 2009
    Vbootkit 2.0: Attacking Windows 7 via Boot Sectors

    This talk will introduce a new tool which allows attacks against Windows 7 via boot sectors. In this talk we will demo Vbootkit 2.0 in action and show how to bypass and circumvent security policies / architecture using customized boot sectors for Windows 7 (x64). The talk will cover:

    - Windows 7 boot architecture
    - Vbootkit 2.0 architecture and inner workings
    - Insight into the Windows 7 minkernel

    We will also demonstrate:

    - The use of Vbootkit in gaining access to a system without leaving traces
    - Leveraging normal programs to escalate system privileges
    - Running unsigned code in the kernel
    - Remote Command & Control

    All this is done without having any footprint on the HDD (everything is in memory). It also remains invisible to all existing anti-virus solutions.

    See you in Dubai
  2. Arup

    Arup Guest

    And I thought x64 was invincible to this sort of thing; the PatchGuard from MS should be able to block most attacks, but I guess even that has been circumvented.
  3. Lucy

    Lucy Registered Member

    Joined:
    Apr 25, 2006
    Posts:
    404
    Location:
    France
    The tool uses a privilege escalation of Vista by means of a modified boot sector.

    Well, it might be only a vulnerability which will eventually be removed. It doesn't look like a giant hole "by design"...

    Privilege escalation is the worst thing for any system, as it gives access to the rights of the level reached.
  4. controler

    controler Guest

    The only way this could survive reboot is if it is attached to hardware in some way.