Friday, July 31, 2009

Bootkit Bypasses Hard Disk Encryption

Bootkit = Bootable + Rootkit

This year, at the Black Hat security conference, Austrian IT security specialist Peter Kleissner presented an open development framework for creating rootkits that use the MBR to activate early in the boot process, also known as bootkits.

This bootkit combines a rootkit with the ability to modify a PC's Master Boot Record (MBR), enabling the malware to be activated even before the operating system is started. The bootkit is called Stoned, and it is capable of bypassing TrueCrypt partition and system encryption.
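Because the bootkit has to change the MBR to get control, comparing the MBR's boot code against a known-good baseline is one way to notice it. The sketch below is an example added here, not code from Kleissner's framework or from TrueCrypt; the function names and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446                 # bytes 0-445: bootstrap code (and disk signature)
ENTRY = struct.Struct("<B3xB3xII")  # status, CHS, type, CHS, start LBA, sector count
BOOT_SIGNATURE = b"\x55\xaa"        # bytes 510-511


def parse_mbr(sector: bytes) -> dict:
    """Split a classic MBR into a boot-code hash and its used partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, ptype, lba, count = ENTRY.unpack_from(sector, BOOT_CODE_LEN + i * ENTRY.size)
        if ptype:  # type 0x00 marks an unused slot
            partitions.append({"active": status == 0x80, "type": ptype,
                               "lba_start": lba, "sectors": count})
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": partitions}


def check_mbr(sector: bytes, baseline_sha256: str) -> str:
    """Compare the boot code of a captured sector 0 with a per-disk baseline hash."""
    try:
        info = parse_mbr(sector)
    except ValueError as exc:
        return f"INVALID: {exc}"
    if info["boot_code_sha256"] != baseline_sha256:
        return "ALERT: boot code differs from baseline"
    return "OK"


def build_sample(boot_code: bytes) -> bytes:
    """Constructed test sector: the given boot code plus one active type-0x07 partition."""
    table = ENTRY.pack(0x80, 0x07, 2048, 204800) + bytes(48)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table + BOOT_SIGNATURE


if __name__ == "__main__":
    clean = build_sample(b"\xfa\x33\xc0")     # constructed placeholder bytes
    baseline = parse_mbr(clean)["boot_code_sha256"]
    modified = build_sample(b"\xfa\x33\xc1")  # same layout, one byte of code changed
    print(check_mbr(clean, baseline))
    print(check_mbr(modified, baseline))
```

Read sector 0 from trusted boot media or an offline disk image: a rootkit that is already resident can filter disk reads and hand back the original MBR.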

You can access the BH USA 2009 media archives to get a copy of the slides and paper.