Black Hat Conference in Amsterdam usually has one or two very interesting presentations and this year two Indian hackers stole the show. They’ve namely presented a so called “boot loader” which can work around Windows Vista’s code verification. Signed code is a way for the operating system to verify that the code is harmless, but also that it is legal and not pirated code. VBootkit uses the fact that Vista believes that everything is normal during the boot and that there are no tricks before the operating system is about to launch.
By booting the computer with a disc that launches the VBootkit before Vista starts to load they are able to catch Vista in the act of fetching certain information and launching certain services. For example, as soon as Vista tried to run Bootmgr.exe, Winload.exe and several other important applications VBootkit will manipulate the security functions of these without Vista being any the wiser. Which means that you would be able to bypass Vista’s security and run unsigned code.We should mention that they were using Vista RC2 during the demonstration, but according to the two hackers the final version works just as good. They simply couldn’t afford it.
