What is Stoned Bootkit?
A bootkit is a boot virus that hooks and patches Windows so that it gets loaded into the Windows kernel, thus gaining unrestricted access to the entire computer. It is even able to bypass full volume encryption, because the master boot record (where Stoned is stored) is not encrypted. The master boot record contains the decryption software which asks for a password and decrypts the drive. This is the weak point: the master boot record, which will be used to pwn your whole system. No one’s secure!
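As an added defender-side illustration (not code from the Stoned project or the original post): because the MBR sits outside the encrypted volume, its boot-code area can be baselined at install time and re-checked later. The script below parses a 512-byte MBR image, decodes the partition table and flags a modified boot-code region; the sample image, baseline hash and "tampered" variant are constructed here and do not come from any real disk.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_SIZE = 446      # bytes 0..445 hold the boot code a bootkit replaces
PART_TABLE_OFFSET = 446   # four 16-byte partition entries follow the boot code
SIGNATURE = b"\x55\xAA"   # bytes 510..511


def parse_partitions(mbr: bytes) -> list:
    """Decode the four partition-table entries of a classic MBR."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        # flag(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sectors(4), little-endian
        flag, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype:  # skip empty entries
            entries.append({"active": flag == 0x80, "type": ptype,
                            "lba_start": lba, "sectors": count})
    return entries


def boot_code_hash(mbr: bytes) -> str:
    """SHA-256 over the boot-code area only, so partition edits do not alarm."""
    return hashlib.sha256(mbr[:BOOT_CODE_SIZE]).hexdigest()


def check_mbr(mbr: bytes, baseline_hash: str) -> dict:
    """Compare a freshly read MBR against a trusted baseline hash."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE}-byte sector, got {len(mbr)}")
    return {
        "signature_ok": mbr[510:512] == SIGNATURE,
        "boot_code_modified": boot_code_hash(mbr) != baseline_hash,
        "partitions": parse_partitions(mbr),
    }


# Constructed sample, not a real disk image: stub boot code, one active NTFS
# partition (type 0x07) starting at LBA 2048, three empty entries, 0x55AA signature.
_boot_code = b"\xFA\x33\xC0\x8E\xD0" + b"\x90" * (BOOT_CODE_SIZE - 5)
_entry = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 1_000_000)
CLEAN_MBR = _boot_code + _entry + b"\x00" * 48 + SIGNATURE
BASELINE = boot_code_hash(CLEAN_MBR)
# Simulated tampering: first bytes of the boot code overwritten, partition table intact.
TAMPERED_MBR = b"\xEB\xFE" + CLEAN_MBR[2:]

if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, check_mbr(image, BASELINE))
```

On a live system the same check would be run against sector 0 read from the raw disk device, with the baseline stored somewhere the machine itself cannot rewrite.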
IMHO, blackhats and malware analysts are really interested in going deep and knowing in detail how this Stoned bootkit has been engineered.
Why is Stoned something new? Because it is the first bootkit that:
- attacks Windows XP, Server 2003, Windows Vista and Windows 7 with one single master boot record
- attacks TrueCrypt full volume encryption
- has integrated FAT and NTFS drivers
- has an integrated structure for plugins and boot applications (for future development)
You can download the source code here:
While I was trying to play with this bootkit, my computer at home, which runs the full version of Avira AntiVir Professional, detected that http://www.stone-vienna.com contains malicious code. At least I know my WebGuard (one of the modules inside Avira AntiVir) is protecting me from any malicious activity.
However, don’t let this issue become your resistance.
Do your homework, know your network.