Vista DRM could hide malware
Written by Gizmo   
Friday, 13 April 2007 06:53

ZDNet UK
Tom Espiner

A security researcher has released a proof-of-concept program that hackers could use to exploit Windows Vista digital rights management processes to hide malware.

Alex Ionescu claims to have developed the program — D-Pin Purr v1.0 — that will arbitrarily enable and disable protected processes in Vista, Microsoft's latest operating system.

Read the full story at ZDNet UK

Screenshots on Ionescu's blog suggest the program can be run successfully. Ionescu included stack information related to one of the processes that is by default protected on Vista. Try to retrieve that information using Process Explorer and you get an error message. In Ionescu's screenshot, taken after allegedly removing the protection, the information is visible.

The binary for the program, which is available for download, is currently being tested by security experts. Fraser Howard, a principal virus researcher at security vendor Sophos, told ZDNet UK that the program looks feasible. At the time of writing Howard had managed to get it running, but had not managed to successfully protect and unprotect processes on his machine.

"I have not confirmed it, but I have little doubt it will work as intended [to remove protection]," said Howard. "This should mean it is perfectly possible to add protection to processes as well."

Comment in the forums!

 

Hardware | Windows | Linux | Security | Mobile Devices | Gaming
Tech Business | Editorial | General News | folding@home

Forum | Download Files

Copyright ©2001 - 2012, AOA Forums.  All rights reserved.

Alliance of Overclocking Arts

Links monetized by VigLink

Don't Click Here Don't Click Here Either