dark side of open source software - Stoned | Information Technology / Computer Talk | Forum

rath (Member), Forum Posts: 4332, Member Since: April 9, 2009
#1, September 7, 2009 - 1:38 pm

07 September 2009

When rootkits are mentioned the things which come to mind are generally hackers, Trojans, even Sony BMG. Now you can add open source software to the list with the release of the first open source rootkit framework called Stoned.

A rootkit is a piece of software which, for nefarious purposes, aims to run undetected on your computer. It will hide itself from process listings and will seek to interfere with the ordinary running of your system to fulfil its own purposes.

A bootkit is a particular type of rootkit which kicks in when the computer boots and before any operating system has loaded. This can make it even more dangerous because it has full access to the system and cannot be removed by merely inspecting the operating system’s list of start-up services.

Austrian hacker Peter Kleissner has released the world’s first ever open source bootkit framework called Stoned Bootkit, named in dubious honour of an early boot sector computer virus called “Stoned.”

Stoned Bootkit aims to attack all versions of Microsoft Windows from XP through to the brand new Windows 7, including Server releases. Stoned loads before Windows starts and remains in memory, and comes with its own file system drivers, a plug-in engine and a collection of Windows “pwning” tools.

Stoned Bootkit also claims to be the first bootkit that breaks TrueCrypt encryption as well as working with traditional FAT and NTFS disk volumes.

This means with Stoned you can install any software you choose – a Trojan horse, say – onto any computer running Windows. You do not need to know any passwords and it does not matter if the file system is encrypted.

Stoned was unveiled at the Black Hat USA security conference and Kleissner’s PowerPoint presentation is available online.

In a slide entitled “Who am I?” Kleissner describes himself as an independent operating system developer, a professional software engineer and malware analyst.

The source code for the Stoned Bootkit, as well as general research and technical detail, is available on its own web site. Here you can inspect how it works as well as read instructions on making your own Stoned infector Live CD – making it tragically simple to infect computers provided you can get physical access.

For those needing more help, SecurityTube has posted a video online showing a computer being infected with Stoned and then disinfected again.

Kleissner suggests this is a useful application for law enforcement officials but I suspect there may be somewhat less scrupulous individuals who will find other uses for it.

As with such open source luminaries as Wireshark, a plug-in architecture permits developers world-wide to extend the range of functions Stoned can perform. The similarities end there, with Wireshark being an intrusion detection system, not an intrusion enabler.

Guest (Guests)
#2, November 13, 2009 - 7:34 am

The core of Stoned has not been released, unfortunately. Some code around it has but not the entire thing. I'm willing to bet, this seeming not to be a hypervisor jail, that this can be detected by the OS. I'm also willing to bet that Stoned won't make it very far in the security world - it doesn't seem like a terribly novel concept. My bias against this is that, while theoretically it could break full-disk-encryption (a claim that hasn't been proven yet), it still has to put data outside and that's where I feel it would most easily be detected.

Still... kinda neat. I like the name 🙂

... I should add that also the author, Peter Kleissner, is only 18. That's pretty mad - totally props to him.
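
Added example, not part of the thread or of the Stoned project: a baseline integrity check over the MBR boot code and the unpartitioned sectors before the first partition, two places outside any file system where boot-time code or its data can sit, which is the kind of detection the reply above has in mind. It assumes an MBR-partitioned disk read as a raw image; the function names and the sample disk bytes are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512

def first_partition_lba(mbr: bytes) -> int:
    """Lowest starting LBA among non-empty entries in the MBR partition table."""
    starts = []
    for i in range(4):
        entry = mbr[446 + 16 * i : 446 + 16 * (i + 1)]
        ptype = entry[4]                                  # partition type byte
        start_lba = struct.unpack_from("<I", entry, 8)[0]
        if ptype != 0 and start_lba > 0:
            starts.append(start_lba)
    if not starts:
        raise ValueError("no partitions in MBR table")
    return min(starts)

def measure(disk: bytes) -> dict:
    """Hash the regions that execute or sit outside any file system."""
    mbr = disk[:SECTOR]
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    gap_end = first_partition_lba(mbr) * SECTOR
    return {
        "boot_code": hashlib.sha256(mbr[:446]).hexdigest(),
        "pre_partition_gap": hashlib.sha256(disk[SECTOR:gap_end]).hexdigest(),
    }

def compare(baseline: dict, current: dict) -> list:
    """Names of the measured regions whose hash differs from the baseline."""
    return [region for region in baseline if baseline[region] != current[region]]

def build_sample_disk(boot_code: bytes, gap_payload: bytes = b"") -> bytes:
    """Constructed test image: one type-0x07 partition starting at LBA 63."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", 63, 2048)
    mbr = boot_code.ljust(446, b"\0") + entry + bytes(48) + b"\x55\xaa"
    gap = gap_payload.ljust(62 * SECTOR, b"\0")
    return mbr + gap + bytes(SECTOR)

if __name__ == "__main__":
    baseline = measure(build_sample_disk(b"\xfa\x33\xc0"))    # constructed bytes
    changed = build_sample_disk(b"\xeb\x10\x90", gap_payload=b"stored-data")
    print(compare(baseline, measure(changed)))
```

Take the image from trusted boot media rather than from the running system, since code that loaded before the OS can intercept disk reads and hand back the original sector. Boot loaders such as GRUB legitimately use the pre-partition gap, which is why the check compares against a recorded baseline instead of expecting zeros.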

Boudi Luna (Member), Forum Posts: 24, Member Since: November 17, 2016
#3, November 18, 2016 - 10:55 pm

wow, this thread has some years on it but i'm going to go ahead and reply to it anyway. this is the first time i've ever heard of this stoned bootkit and i've been a hardcore user of ubuntu linux since 2006. it must not have been too much of a threat since there hasn't been anything discussed in any of the circles i'm involved in.

one of the many awesome things about open source software is that you've got hundreds if not thousands of programmers and testers who constantly keep tabs on the software and watch out for any malicious code and get the updates out to us pretty quickly since linux contains its very own anti-virus code and firewall and it's been labeled as industrial strength since it builds upon Unix.

i remember a while back when Apple's MacOS, at the time it was called OS X, got hit with its very first malware attack and this was just in the last five years and MacOS is a proprietary version of Unix/Linux in itself just like google's chrome and android operating systems. And even Microsoft Windows took a few cues from Unix back in the day right before they went proprietary as well.

Open source software, to me, is stronger and more maintained than proprietary software since you've got so many people 'hacking' it to make it stronger and better. and it's free, usually, unless you get Red Hat which is not free but still a derivative of Linux but the cost is to help pay for the technical support they've got.

So, I'm not really worried about this. If this came about 7 years ago, it seems the problem was dead before it was even a problem.

Linux = Freedom
