INSECURITY RESEARCHERS in India have released a proof-of-concept bootkit that can be used by an attacker to gain stealthy control of Windows 7 systems.
The software, called Vbootkit 2.0, was revealed last month at the Hack In The Box computer insecurity conference in Dubai. At the time, developers Vipin Kumar and Nitin Kumar had said they wouldn't publicly release the code lest it be misused.
They've since changed their minds and have released Vbootkit 2.0 under an open sauce licence, according to PC World. They said their reason for releasing the proof-of-concept attack was to encourage security researchers to develop defences against the technique used.
"All we are trying to do is help more people understand the real enemy, malware, so new innovations can occur," Vipin Kumar wrote in an email.
Vbootkit 2.0 can be foiled by using Bitlocker hard drive encryption and a Trusted Platform module, but many Windows 7 capable PCs don't have those features.
Microsoft doesn't consider it a serious threat to Windows 7 because it doesn't enable a remote attack.
However, a malware writer might modify the Vbootkit 2.0 code to turn it into a remote attack tool as has been done with other bootkit software in the past.
Since it might be months before Windows 7 is released by Microsoft, it sounds possible that the Vole's next big thing might hit the streets with malware ready and waiting to greet it.