Forum latest

Vista DRM could hide malware
Written by Gizmo   
Friday, 13 April 2007 06:53

Tom Espiner

A security researcher has released a proof-of-concept program that hackers could use to exploit Windows Vista digital rights management processes to hide malware.

Alex Ionescu claims to have developed the program — D-Pin Purr v1.0 — that will arbitrarily enable and disable protected processes in Vista, Microsoft's latest operating system.

Read the full story at ZDNet UK

Screenshots on Ionescu's blog suggest the program can be run successfully. Ionescu included stack information related to one of the processes that is by default protected on Vista. Try to retrieve that information using Process Explorer and you get an error message. In Ionescu's screenshot, taken after allegedly removing the protection, the information is visible.

The binary for the program, which is available for download, is currently being tested by security experts. Fraser Howard, a principal virus researcher at security vendor Sophos, told ZDNet UK that the program looks feasible. At the time of writing Howard had managed to get it running, but had not managed to successfully protect and unprotect processes on his machine.

"I have not confirmed it, but I have little doubt it will work as intended [to remove protection]," said Howard. "This should mean it is perfectly possible to add protection to processes as well."

Comment in the forums!

Don't Click Here Don't Click Here Either